Another massive data breach exposed millions of driver’s license numbers


US insurance company AssuranceAmerica has confirmed a data breach affecting the personal information and driver’s license numbers of 6.9 million people, making it the largest known leak of US driver’s license information this year.

Founded in 1998, AssuranceAmerica provides auto and rental insurance to customers in more than a dozen U.S. states. As a large insurance company, the company handles large amounts of information about potential insurance customers and vehicle drivers, including their personal information and details about state-issued driver’s licenses. In the hands of a malicious person, a driver’s license number can be used for fraud and impersonation.

In the data breach notification sent to customers and Viewed by TechCrunchAssuranceAmerica said it discovered hackers in its computer systems on March 17. The company concluded its investigation on June 15, and found that hackers had stolen customer names, contact information, and driver’s license numbers.

The hacker notice said the hackers also obtained information about customers’ auto insurance policies and accounts, their drivers and vehicles, and details about customers’ claims.

The company did not provide details about other types of personal information taken.

AssuranceAmerica did not specify the specific reason for the hack, but noted that the hackers “targeted a company employee” and that the company subsequently “disabled the compromised credentials.” It is unclear how these credentials were stolen, however Previous accidents Involving stolen employee credentials has been linked Password stealing malware or Use of hacked software.

TechCrunch emailed questions about the incident to AssuranceAmerica CEO Joe Skrok and founder Jay Milner, including asking whether the company had any contact with the hackers or paid the ransom. He didn’t respond.

According to a data breach list provided by the Indiana Attorney General’s Office, AssuranceAmerica has listed the breach as affecting 6.99 million people, and notification letters are scheduled to be sent on July 10.

A separate copy of AssuranceAmerica’s data breach notice, shared by the Maine Attorney General’s Office at TechCrunch’s request, also lists the number of people affected as 6.99 million. (Maine’s data breach portal is Currently offline and under review After publishing an expose of a fraudulent breach on its website last month.)

The incident at AssuranceAmerica follows a series of data breaches affecting driver’s licenses and other identity documents in recent months. In June, the Texas state government said hackers had stolen the information At least about 3 million driver’s license and passport numbers During the data breach that affected the state parks and wildlife division.

TechCrunch previously reported on several security vulnerabilities that together led to the leak of millions of government-issued identity documents, including incidents with… Hotel entry systemA Money transfer applicationA Public phone provider in prison and UK visa service. These data leaks come as websites and apps increasingly demand web users to hand over their identity documents to prove they are legally old enough to access them, amid… Global push by governments to introduce age verification laws.

When you make a purchase through the links in our articles, We may earn a small commission. This does not affect our editorial independence.

Leave a Reply

Your email address will not be published. Required fields are marked *