Your driver's license may have been stolen by hackers if you are a client of this insurance company
Insurer AssuranceAmerica revealed that policy and claims data was also exposed.
Millions of American drivers have just received news that no one wants to read: their driver's licenses, along with other personal data, ended up in the hands of hackers after a cyberattack on the insurer AssuranceAmerica.
What exactly happened to AssuranceAmerica?
The company, founded in 1998 and dedicated to offering auto and rental vehicle insurance in more than a dozen states in the United States, confirmed a security breach that affected approximately 6.9 million people. According to the Indiana Attorney General's Office, the exact number is around 6.99 million affected, and notification letters will begin to arrive on July 10. This is the largest leak of American driver's licenses recorded this year, a figure that shows how fragile cybersecurity can be even in industries as regulated as insurance.
The curious (and worrying) thing is how it all started. AssuranceAmerica detected suspicious activity on its systems on March 17, but the forensic investigation was not completed until June 15. That is, almost three months passed between the discovery of the attack and the confirmation of what the hackers had really taken. The company acknowledged that the hackers “targeted one of the company's employees” and that the compromised credentials were then disabled, although it never explained how those credentials came into the hands of the criminals. Similar cases in the past have been linked to password-stealing malware or infected software tools, so it wouldn't be unusual for something similar to happen here.
What information was exposed and why it is so scary
The stolen data is not limited to license numbers. According to the notification sent to customers, the attackers also stole names, contact information, auto insurance policy and account details, driver and vehicle data, and information related to loss claims. Other sources add that in some cases Social Security numbers and tax identification numbers were also compromised, which further increases the level of risk for victims.
A driver's license number may sound less “serious” than a banking password, but it is actually one of the master keys to identity fraud. With this information, added to a name and address, a criminal can open accounts in another person's name, request credit, or even impersonate the victim before authorities or insurers. That's why data protection experts insist that this type of information, combined with insurance claims data that often includes medical or accident details, becomes a perfect package for identity theft.
A problem that goes far beyond a single company
This case does not occur in a vacuum. AssuranceAmerica joins a recent wave of leaks affecting identity documents in the United States, a pattern that is beginning to worry cybersecurity specialists.
Just in June, the Texas government revealed that hackers stole information from at least 3 million driver's licenses and passports during an attack on its parks and wildlife division. Similar leaks have also been reported at a hotel check-in system, a money transfer app, a prison phone provider and a UK visa service.
What makes this time particularly sensitive is that more and more sites and apps are requiring users to upload ID documents to verify age, as part of new age verification laws being implemented globally.
That means more companies are accumulating this type of sensitive data, and each new database becomes a potential target for cybercriminals. If anything is clear from the AssuranceAmerica case, it is that protecting a license number today should be as high a priority as protecting a banking password, because the consequences of it falling into the wrong hands can haunt a person for years.

