6.9 million US driver's license records exposed in latest insurance breach
One employee falls for a phishing attack – now nearly 6.9 million insurance customers are paying the price.

Image by Cybernews.
- AssuranceAmerica says hackers stole policy data tied to nearly 7 million people in a March phishing attack.
- The exposed information includes driver's license numbers, insurance policy details, claims information, and other personal data that could be used in identity fraud.
- The breach is the latest in a string of cyberattacks hitting the US insurance sector, highlighting the growing risks facing policyholders and insurers alike.
Major insurance provider AssuranceAmerica says hackers infiltrated its systems and stole policy information connected to nearly 7 million individuals across more than a dozen states, including US driver’s license numbers and other personally identifiable information (PII).
AssuranceAmerica began notifying a whopping 6,998,886 individuals by mail last week that their sensitive data had been exposed to attackers during a St. Patrick’s Day breach taking place earlier this year.
Hackers breached insurer through phishing
AssuranceAmerica says it first became aware of the unauthorized access on March 17th – only 24 hours after the unknown actors breached the system via a credential-stealing phishing attack targeting one of the company’s employees.
Referring to the intrusion as a “cyber incident,” the company says the attackers were booted from its systems upon discovery.
“The Company takes very seriously the need to protect the privacy and security of all personal information that it maintains, and deeply regrets any inconvenience or concern that this incident may cause.”– AssuranceAmerica Managing General Agency, LLC
A copy of the breach notice, filed on June 17th with the Maine Attorney General’s Office and reviewed by Cybernews, reveals the attackers “accessed certain portions of the company’s informational technology (IT) environment and copied certain data files.”
“Because of the nature of the files involved and the scope of the required review, this file evaluation process was only recently completed on (June 15, 2026), and we are now providing this notice,” the letter states.
What data was exposed?
The privately held insurance and financial services company works with more than 9,500 independent agents offering auto, property, and commercial insurance policies to millions of customers across 14 states, according to its LinkedIn profile.
AssuranceAmerica began sending out notices to affected individuals located in California, Massachusetts, Nebraska, South Carolina, Texas, Vermont, and Washington on June 27th, Florida’s Tampa Bay News 10 reported – also a regional hub for the insurance provider.
Forensic investigators say the following information was compromised in the attack:
- Contact information
- Automobile insurance policy or insurance account information
- Driver or vehicle information
- Claims-related information
- Driver’s license number
What affected customers should know
Besides isolating the affected systems to prevent any further malicious activity, AssuranceAmerica says it has since disabled the compromised credentials, terminated unauthorized sessions, and implemented password resets.
The company says it has also deployed enhanced monitoring and threat-detection tools and is providing additional security awareness training to employees.
Check if your data has been leaked
Although the company has not offered to provide free credit monitoring services to the nearly 7 million affected customers, it is urging those individuals to actively review credit reports, bank accounts, and other financial statements, and to report any suspicious activity.
AssuranceAmerica has more than 500 employees and generates an estimated $499 million in annual revenue, according to ZoomInfo. It’s unclear if employee data was impacted.
The AssuranceAmerica breach notice does not mention ransomware or any ransom demand.
Cybernews has reached out to the company for additional comment.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
Insurance industry remains a prime target
The insurance industry has been a prime target for hacker groups in recent years due to the large amount of senstive personal data stored in it systems. This information can easily be used and abused to carry out identity theft, credential stuffing attacks, and fraud.
Cybercriminals are also known to buy, sell, and trade stolen PII in hacker marketplaces and underground forums which can then be used in future phishing attacks on the same victims.
Last month, the National Association of Insurance Commissioners (NAIC), was targeted by the notorious ShinyHunters extortion gang.
The cybercriminals allegedly claimed to have leaked a massive 3.1 TB cache of stolen files linked to the national insurance regulatory body after NAIC failed to negotiate with the gang.
And in May, US insurance giant Liberty Mutual was claimed by the Everest ransomware group.
That attack allegedly exposed over 100 GB of stolen data, including the personal and financial information of thousands of individual policyholders.
Other insurance companies suffering ransomware attacks in the past 12 months include Erie Indemnity, the Farmers Insurance Group, and Prudential in 2024.