728 x 90

Another massive data breach exposed millions of driver’s license numbers | TechCrunch

Another massive data breach exposed millions of driver’s license numbers | TechCrunch

US insurance provider AssuranceAmerica has confirmed a data breach affecting the personal information and driver’s license numbers of 6.9 million people, making it the largest known breach of US driver’s license information this year. Founded in 1998, AssuranceAmerica offers auto and rental insurance to customers in more than a dozen U.S. states. As a large

US insurance provider AssuranceAmerica has confirmed a data breach affecting the personal information and driver’s license numbers of 6.9 million people, making it the largest known breach of US driver’s license information this year.

Founded in 1998, AssuranceAmerica offers auto and rental insurance to customers in more than a dozen U.S. states. As a large insurance provider, the company handles large amounts of information about prospective insurance customers and vehicle drivers, including their personal information and details about their state-issued driver’s licenses. In the hands of a malicious person, the driver’s license number can be used to commit fraud and identity theft.

In a data breach notice sent to customers and seen by TechCrunch, AssuranceAmerica said it discovered hackers in its computer systems on March 17. The company concluded its investigation on June 15 and discovered that hackers had stolen customer names, contact information and driver’s license numbers.

The breach notice said the hackers also obtained information about customers’ auto insurance accounts and policies, their drivers and vehicles, and details about customers’ claims.

The company did not provide details about what other types of personal information was taken.

AssuranceAmerica did not specify the specific cause of the breach, but noted that the hackers “targeted one of the company’s employees” and that the company subsequently “disabled the compromised credentials.” It’s unclear how those credentials were stolen, but previous incidents involving stolen employee credentials have been linked to password-stealing malware or the use of compromised software.

TechCrunch emailed questions about the incident to AssuranceAmerica CEO Joe Skruck and founder Guy Millner, asking if the company had any contact with the hackers or paid a ransom. No one responded.

According to a list of data breaches from the Indiana attorney general’s office, AssuranceAmerica listed the breach as affecting 6.99 million people, and notification letters would be sent on July 10.

A separate copy of the AssuranceAmerica data breach notification, shared by the Maine attorney general’s office at the request of TechCrunch, also lists the number of people affected at 6.99 million. (Maine’s data breach portal is currently offline and under review after a fraudulent breach disclosure was posted on its website last month.)

The incident at AssuranceAmerica follows a series of data breaches affecting driver’s licenses and other identification documents in recent months. In June, the Texas state government said hackers stole information on at least 3 million driver’s licenses and passport numbers during a data breach that affected the state’s parks and wildlife division.

TechCrunch has previously reported on several security breaches that together leaked millions of government-issued ID documents, including incidents with a hotel check-in system, a money transfer app, a prison payphone provider, and a UK visa service. These data breaches come as websites and apps increasingly require users to hand over their ID documents to prove they are of legal age to access them, amid a global push by governments to implement age verification laws.

When you buy through links in our articles, we may earn a small commission. This does not affect our editorial independence.

Check back often for more exciting news!

Posts Carousel

Latest Posts

Top Authors

Most Commented

Featured Videos