Privacy News 6.9 million driver’s license numbers stolen from AssuranceAmerica

Brownie2019

Level 23
Thread author
Verified
Well-known
Forum Veteran
Mar 9, 2019
1,044
5,581
2,168
Germany
Insurance provider AssuranceAmerica has confirmed a data breach affecting the personal information and driver’s license numbers of up to 6.9 million people.

AssuranceAmerica provides car and rental insurance to customers across 14 US states through a network of over 9,500 independent agents.

TechCrunch reports:
“AssuranceAmerica said it discovered hackers in its computer systems on March 17. The company concluded its investigation on June 15, finding that the hackers had stolen customers’ names, contact information, and driver’s license numbers.“

The breach notice letter also mentions information about customers’ auto insurance policies and accounts, their drivers and vehicles, and details about customer claims.

AssuranceAmerica has not yet released a public statement about the data breach. However, public breach notices and independent reporting indicate that the incident began with a targeted phishing attack against a single employee. An unauthorized third party accessed parts of the insurer’s IT systems and copied files containing customer policy information and driver’s license numbers. So far, no law‑enforcement or vendor report has publicly linked this activity to a specific threat group, ransomware operation, or nation‑state actor.

No public source has reported a ransom demand, negotiations, or payment, and AssuranceAmerica’s public filings are quiet about any contact with the attackers.

Protecting yourself after a data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice they offer.
Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose and store one for you.
Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop, or phone as your second factor. Some forms of 2FA can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
Watch out for impersonation scams. Criminals may contact you pretending to be the company. Check the company’s website to see how it is contacting affected customers, and verify anyone who contacts you using a different communication channel.
Take your time. Phishing attacks often impersonate people or brands you know, and create a false sense of urgency with messages about missed deliveries, suspended accounts, or security alerts.
Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online and helps you recover if your identity is stolen.
Check your personal data exposure
Full Story:
 
Full Story:
Additional context on this breach

The driver’s license number is the detail worth paying closest attention to in this incident. Unlike a password, you can’t simply reset it, and it can be used to support synthetic identity fraud, fraudulent vehicle registrations, or fake insurance applications in someone else’s name.

Steps specific to driver's license exposure
  • Contact your state DMV to ask whether they offer a fraud alert or flag on your license record. Some states allow you to request additional verification before a duplicate license can be issued.
  • Watch for notices about vehicles registered or insurance policies opened that you don’t recognize.
  • If you notice unfamiliar activity, file a report with your local DMV and the FTC’s identity theft site (IdentityTheft.gov) to get a recovery plan.

On the phishing angle

The report notes the intrusion reportedly began with a phishing attack against a single employee. This lines up with a broader industry pattern: a large share of breaches at mid-size companies start with credential theft via phishing rather than exploited software vulnerabilities. It reinforces the value of phishing-resistant authentication (FIDO2 hardware keys) at the organizational level, not just for consumers protecting personal accounts.

On attribution and ransom]

As the thread notes, there’s currently no public, verified attribution to a specific group, and no confirmed ransom demand or payment. Until AssuranceAmerica or a credible incident-response vendor publishes more detail, any claims about “who did it” or “what they paid” should be treated as unconfirmed.

The consumer-side advice in the Malwarebytes list is solid as a baseline. For this particular breach, adding a DMV-level check is a reasonable extra step given the type of data exposed.