Skip to content

AssuranceAmerica Data Breach Exposes Driver’s License Numbers of 6.99 Million People

UPDATE: Breach notice can be found here: https://www.documentcloud.org/documents/28433184-assuranceamerica-data-breach-notice/


U.S. insurance provider AssuranceAmerica has confirmed a data breach affecting nearly 7 million people, exposing personal information and driver’s license numbers.

According to TechCrunch, AssuranceAmerica discovered hackers inside its computer systems on March 17, 2026. The company completed its investigation on June 15 and determined that customer data had been stolen.

The breach affected 6.99 million people, according to data breach filings cited by TechCrunch from the Indiana and Maine attorney general offices. Notification letters are expected to be sent beginning July 10.

The stolen information included names, contact information, and driver’s license numbers. AssuranceAmerica’s breach notice also said the attackers accessed information related to auto insurance policies and accounts, drivers and vehicles, and customer claims.

The company did not provide a full breakdown of every data field taken. However, TechCrunch reported that AssuranceAmerica said the attackers targeted one company employee and that compromised credentials were later disabled.

AssuranceAmerica did not disclose exactly how the employee credentials were stolen. TechCrunch noted that similar incidents involving stolen employee credentials have previously been linked to password-stealing malware or compromised software.

The scale of the breach makes it one of the largest known exposures of U.S. driver’s license data this year. Driver’s license numbers can be used for identity theft, fraud, impersonation, and account verification abuse, especially when combined with names and contact information.

The incident also follows other recent breaches involving identity documents. In June, Texas officials disclosed that hackers stole information tied to at least 3 million driver’s licenses and passport numbers from the state’s parks and wildlife division.

The broader trend is clear: identity documents are becoming a high-value breach target at the same time more services are asking users to upload IDs for verification. Once exposed, driver’s license data cannot be rotated as easily as a password.

For organizations handling driver and insurance data, the takeaway is straightforward: employee credential compromise remains a major breach path. Strong phishing-resistant MFA, credential theft detection, endpoint monitoring, session controls, and least-privilege access are critical when a single compromised employee account can expose millions of records.

Latest