Massive data breach exposes 6.9 million driver's license numbers
U.S. insurance provider AssuranceAmerica confirms data breach affecting personal info and driver's license numbers of 6.9 million people.

U.S. insurance provider AssuranceAmerica has confirmed a data breach affecting the personal information and driver's license numbers of 6.9 million people, making it the largest known spill of Americans' driver's license information this year. AssuranceAmerica, founded in 1998, provides car and rental insurance to customers across more than a dozen U.S.
states. The company handles large amounts of information about prospective insurance customers and vehicle drivers, including their personal information and details about their state-issued driver's licenses. In the hands of a malicious person, a driver's license number can be used for fraud and impersonation.
In a data breach notice sent to customers and seen by TechCrunch, AssuranceAmerica said it discovered hackers in its computer systems on March 17. The company concluded its investigation on June 15, finding that the hackers had stolen customers' names, contact information, and driver's license numbers. The breach notice said the hackers also took information about customers' auto insurance policies and accounts, their drivers and vehicles, and details about customer claims.
The company did not provide specifics about which other types of personal information were taken. AssuranceAmerica did not specify the specific cause of the breach, but noted that the hackers "targeted one of the Company's employees" and that the company subsequently "disabled compromised credentials." It's unclear how those credentials were stolen, but prior incidents involving stolen employee credentials have been linked to password-stealing malware or the use of compromised software. TechCrunch emailed questions about the incident to AssuranceAmerica CEO Joe Skruck and founder Guy Millner, including asking if the company had any contact with the hackers or paid a ransom.
Neither responded. According to a data breach listing with the Indiana attorney general's office, AssuranceAmerica listed the breach as affecting 6.99 million people, with notification letters set to be sent out on July 10. A separate copy of AssuranceAmerica's data breach notification, shared by the Maine attorney general's office at TechCrunch's request, also lists the number of affected people at 6.99 million.
The incident at AssuranceAmerica follows a spate of data breaches affecting driver's licenses and other identity documents in recent months. In June, the Texas state government said hackers stole information about at least 3 million driver's licenses and passport numbers during a data breach affecting the state's parks and wildlife division. The AssuranceAmerica breach highlights growing concerns about data security in the insurance industry.
As companies handle vast amounts of sensitive information, they must prioritize robust security measures to protect against increasingly sophisticated cyber threats. The exposure of 6.9 million driver's license numbers raises serious questions about the potential for identity theft and fraud. This breach also underscores the need for greater transparency and accountability in data breach reporting.
Source: TechCrunch