AssuranceAmerica Data Breach via Compromised Employee Account Exposes 7 Million Driver’s License Numbers

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Key Takeaways
  • Breach confirmed: AssuranceAmerica confirmed a data breach exposing the personal information and driver's license numbers of roughly 7 million people.
  • Discovery timeline: Hackers were discovered in the company's systems on March 17, 2026; the investigation concluded on June 15, 2026.
  • Attack method: Hackers targeted a single AssuranceAmerica employee to gain access; the company disabled the compromised credentials after discovering the intrusion.

An AssuranceAmerica data breach affecting the personal information and driver's license numbers of 6,998,886 people was confirmed in filings with the Indiana and Maine attorneys general. AssuranceAmerica provides car and rental insurance to customers across 14 U.S. states.

How Hackers Accessed AssuranceAmerica's Systems

The AssuranceAmerica data breach filing said the company discovered on March 17 that hackers had “accessed certain portions of the company’s IT environment and copied certain data files” on March 16 and concluded its investigation on June 15, 2026. 

The company confirmed hackers stole customer:

The filing said hackers "targeted one of the company's employees" and that it subsequently disabled compromised credentials, though it has not disclosed whether those credentials were originally obtained via social engineering, infiostealers, or other methods. 

Growing Pattern of Driver's License Data Breaches in 2026

The company filing stated it deployed enhanced monitoring and threat detection tools, reset passwords, and provided additional instructions to personnel regarding cybersecurity threats.

The AssuranceAmerica breach follows a string of 2026 incidents exposing driver's license and identity document data. TechCrunch notes these incidents come as more websites and apps require users to submit identity documents to comply with expanding age-verification laws. 

A Texas Parks and Wildlife Department (TPWD)  breach affecting at least 3 million driver's license and passport numbers was disclosed in June. 

Other 2026 identity-document exposures reported by TechNadu include the prison calling service Pay Tel leak due to a Microsoft Azure server misconfiguration, the U.K. Visa Portal, and the Canadian Duc App money transfer service,


For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: