AssuranceAmerica has disclosed a major data breach affecting nearly seven million people. The company says hackers entered its network through a phishing attack and copied files containing driver’s license numbers, insurance policy details, claims information, and other personal data.

The AssuranceAmerica breach adds to a growing wave of cyberattacks against the US insurance sector, where criminals often target policyholder records for identity fraud and phishing schemes.

Hackers Used Phishing to Access AssuranceAmerica Systems

AssuranceAmerica says attackers gained access to its systems on March 16, 2026, after targeting one employee with a credential-stealing phishing attack. The company discovered the intrusion on March 17 and removed the attackers from its network.

In a breach notice filed with the Maine Attorney General’s Office, the company said the attackers accessed parts of its IT environment and copied certain data files.

AssuranceAmerica completed its review of the affected files on June 15. It then began mailing notices to impacted individuals.

Nearly 7 Million People Affected by AssuranceAmerica Breach

The AssuranceAmerica breach affects 6,998,886 people, making it one of the largest insurance-related cyber incidents disclosed this year.

The company works with more than 9,500 independent agents and offers auto, property, and commercial insurance across 14 US states.

Reports say AssuranceAmerica began sending notices on June 27 to affected people in several states, including California, Massachusetts, Nebraska, South Carolina, Texas, Vermont, Washington, and Florida.

What Data Was Exposed?

Forensic investigators found that hackers copied several types of customer data.

The exposed information may include:

  • Contact information
  • Auto insurance policy or account details
  • Driver and vehicle information
  • Claims-related information
  • Driver’s license numbers

Although the notice does not mention exposed payment card details, criminals could still use the stolen information for identity theft, insurance fraud, or targeted phishing attacks.

AssuranceAmerica Strengthens Security After the Attack

After discovering the breach, AssuranceAmerica isolated affected systems to stop further unauthorized activity.

The company also disabled compromised credentials, ended unauthorized sessions, reset passwords, and added stronger monitoring and threat-detection tools.

In addition, AssuranceAmerica says it has increased security awareness training for employees to reduce the risk of future phishing attacks.

Customers Should Monitor Their Accounts

AssuranceAmerica has not offered free credit monitoring to the nearly seven million affected people.

Instead, the company urges customers to review credit reports, bank accounts, insurance records, and other financial statements for suspicious activity.

Affected individuals should also watch for phishing emails, fake insurance messages, and fraud attempts that use real policy or claims information.

The company has not confirmed whether employee data was also affected.

No Ransomware Claim Mentioned

The breach notice does not mention ransomware or any ransom demand. So far, AssuranceAmerica has not linked the incident to a known ransomware group.

Cybernews has contacted the company for additional comment.

Insurance Companies Remain Major Cybercrime Targets

The insurance industry continues to attract cybercriminals because insurers store large volumes of personal, financial, vehicle, and policyholder data.

Criminal groups can sell this information on underground markets or use it to launch identity theft, credential stuffing, fraud, and follow-up phishing attacks.

The AssuranceAmerica breach follows several other attacks against the US insurance sector. Last month, the National Association of Insurance Commissioners reportedly faced an attack from the ShinyHunters extortion group, which claimed to hold 3.1 TB of stolen files.

In May, the Everest ransomware group claimed responsibility for an attack on Liberty Mutual and alleged that it stole more than 100 GB of customer data.

Other insurers, including Erie Indemnity, Farmers Insurance Group, and Prudential, have also reported cyber incidents within the past year.

As attacks continue, insurers face growing pressure to improve phishing defenses, protect customer records, and respond faster when attackers gain access.


0 responses to “AssuranceAmerica Data Breach Exposes Nearly 7 Million Insurance Customers”