AssuranceAmerica, a U.S. provider of auto and renters insurance, has confirmed a significant data breach that exposed the personal information and driver’s license data of approximately 6.99 million people.
This incident marks the largest known leak of Americans’ driver’s license information this year. Founded in 1998, the Atlanta-based insurer operates in more than a dozen U.S. states. It collects extensive data on both prospective and current policyholders, including contact details, driver records, and state-issued license identifiers.
In the wrong hands, a driver’s license number can facilitate identity fraud, impersonation, and account takeover, thereby increasing the risks associated with such a large-scale data exposure.
AssuranceAmerica Massive Data Breach
According to breach notifications filed with the attorneys general of Indiana and Maine, AssuranceAmerica detected suspicious activity in its IT environment on March 17, 2026.
This activity was linked to a phishing attack that targeted one of the company’s employees a day earlier. The incident was classified as an external system breach, suggesting that the attackers first compromised employee credentials and then used them to access and copy data from internal systems.
AssuranceAmerica completed a forensic review of the impacted files on June 15, concluding that unauthorized parties had stolen customer data related to auto insurance policies, accounts, drivers, vehicles, and claims.
The filings show that 6,998,886 individuals nationwide were affected, including 878 residents of Maine, and that consumer notification letters are scheduled to be sent in mid-July.
The exposed dataset includes names, contact information, driver’s license numbers, and detailed insurance records, including policy identifiers, account information, and driver and vehicle details. Some legal and media reports suggest that certain filings indicated the potential exposure of Social Security numbers and tax identifiers.
However, AssuranceAmerica’s public notice has not fully clarified the scope of additional personal information involved. The company stated that it disabled the compromised credentials once the attack was discovered but has not disclosed what specific access controls were in place or whether multi-factor authentication was enforced on the targeted account.
TechCrunch reported that executives did not respond to inquiries about whether the company had any contact with the hackers or received ransom or extortion demands, leaving open the question of how the stolen data may be monetized.
The AssuranceAmerica breach occurs amidst a broader trend of large-scale leaks involving government-issued identity documents and driver’s license data in 2026.
In June, Texas officials revealed that hackers stole information related to over 3 million driver’s licenses and passport numbers from systems used by the state’s parks and wildlife division, adding another substantial cache of identity data to criminal marketplaces.
Recent investigations have also identified misconfigurations and security lapses that exposed identity documents from a hotel check-in platform, a Canadian money transfer app, a U.S. prison payphone provider, and a U.K. visa portal, collectively revealing millions of passports, driver’s licenses, and facial images online.
These incidents coincide with a growing global push for age verification and identity checks on consumer websites and apps, prompting more organizations to collect and store sensitive ID documents, often without adequate security measures or data minimization strategies.
For victims of the AssuranceAmerica breach, this expanding digital footprint means driver’s license numbers and insurance histories may be permanently at risk of misuse in fraud schemes, ranging from synthetic identity creation to fraudulent claims and bogus traffic violations.
Interact with Cyber Threats in Windows, Linux, macOS VMs to Trigger Full Attack Chain - Analyse Malware & Phishing with ANY RUN

