U.S. insurance provider AssuranceAmerica has confirmed a data breach affecting approximately 6.99 million individuals after attackers gained unauthorized access to company systems earlier this year. According to the company’s official data breach notice and state regulatory filings, the incident exposed driver’s license numbers and other sensitive personal information belonging to customers.
AssuranceAmerica said malicious activity targeting one of its employees occurred on March 16, 2026. The company detected suspicious activity the following day, launched an investigation, and determined that an unauthorized third party had accessed portions of its IT environment and copied certain data files. The investigation concluded on June 15, 2026.
Nearly 7 million individuals affected
According to the company’s breach notice, the compromised information varies by individual but may include:
- Full names
- Contact information
- Driver’s license numbers
- Driver information
- Vehicle information
- Auto insurance policy and account information
- Claims-related information
State breach filings indicate approximately 6.99 million individuals were affected, making it one of the largest publicly disclosed U.S. data breaches involving driver’s license information this year.
Investigation and response
AssuranceAmerica said the incident stemmed from malicious activity targeting one of its employees but did not disclose how the employee’s access was compromised or identify the threat actor responsible.
Following the discovery, the company said it disabled compromised credentials, terminated unauthorized sessions, isolated affected systems where appropriate, notified law enforcement, reset passwords, enhanced monitoring and threat detection capabilities, and provided additional cybersecurity training to employees.
Driver’s license exposure increases identity theft risk
Driver’s license numbers are valuable to cybercriminals because they can be used alongside other personal information to facilitate identity theft, account fraud, and targeted phishing campaigns. Combined with names, contact information, insurance records, and vehicle details, the exposed information could be used to impersonate victims or bypass certain identity verification processes.
Although AssuranceAmerica has not disclosed any evidence that the stolen information has been misused, affected individuals should remain alert for suspicious communications and unauthorized activity involving their personal or financial accounts.
No identity protection services announced
According to state breach filings, AssuranceAmerica is not offering complimentary identity theft protection services to affected individuals. Consumer notification letters are expected to be mailed during July 2026.
BreachNews will update this article if AssuranceAmerica releases additional information regarding the incident or attributes the attack to a specific threat actor.












