All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
AssuranceAmerica, one of the leading insurance providers in many U.S. states, suffered a data breach that compromised the personal information of 6,998,886 customers, making it the largest cybersecurity lapse involving Americans' driver's license numbers in 2026.[1]
If you're an AssuranceAmerica client or were one previously, your personally identifiable information, such as your name, contact details, and driver’s license number, may now be at risk.
Even worse, the company isn't providing free identity monitoring to help you weather the storm. Imagine a cybercriminal opening a new line of credit in your name or even impersonating you entirely, all without you realizing it until it's too late.
Here's what was taken, how the insurance company responded, and the steps you can take right now to secure your identity.
A growing pattern of driver data abuse
What can you do now?
Bottom line
What we know about the attack
According to the letter sent to AssuranceAmerica customers, the company first detected suspicious activity on March 17, 2026, after which an investigation was launched in collaboration with external computer forensic specialists.
According to TechCrunch, who first reported the data breach, the company has not shared details on how attackers breached its systems, but said the suspicious activity involved an attack targeting one of the company's employees.
The following customer data has been confirmed to have been leaked during the data breach:
- Name
- Contact information
- Vehicle insurance policy or insurance account information
- Driver or vehicle information
- Driver's license number
- Claims-related information
Following the data breach, the company quickly disabled compromised credentials, terminated all unauthorized sessions, isolated the affected systems, and notified law enforcement agencies.
"The company has taken, and continues to take, steps to prevent similar incidents from happening in the future," AssuranceAmerica said in its letter. This includes enhancing its security and IT systems and deploying additional threat detection and enhanced monitoring tools.
A growing pattern of driver data abuse
This is the second incident involving driver's license number breaches in the last month.
The Texas Parks and Wildlife Department notified customers of a breach in late June that exposed personal information, including driver's license numbers, passport numbers, phone numbers, residential addresses, and email addresses, belonging to more than 3 million Texas hunting and fishing license holders.
Additionally, the Japanese subsidiary of Aflac — another American insurance provider — suffered a data breach last month in which details such as names, addresses, telephone numbers, policy numbers, coverage details, and premium payment account information pertaining to 4.38 million customers were compromised.
As it turns out, driving in the U.S. is becoming increasingly risky from a digital privacy standpoint. Since last year, Flock Safety has rapidly expanded its AI-powered automatic license plate reader (ALPR) network across the country, creating a dystopian surveillance state.
What can you do now?
Unfortunately, AssuranceAmerica is not offering free credit monitoring following this incident. Here are a list of steps you can take instead.
- Use an identity theft protection service to help stay on top of any signs that your personal information has been exposed or misused, such as your data appearing on the dark web.
- Watch out for fake emails or texts appearing to come from AssuranceAmerica and prompting you to click a link or verify your account.
- Place a credit freeze by contacting all three credit bureaus: Equifax, Experian, and TransUnion. It will block malicious actors from opening new lines of credit in your name or take over existing credit accounts.
- If you do not want to freeze your credit, you can also place a fraud alert, which requires lenders to verify your identity before opening a new line of credit in your name. This service is completely free, and the alert lasts for one year.
- Track insurance policy changes. Since the compromised information relates to your insurance policy, look for insurance claims you did not file or policy changes you did not request. You can contact AssuranceAmerica directly if you notice any unexpected changes.
- Keep an eye on your bank and credit card statements. Look for any suspicious transactions you did not make, and keep reviewing your credit reports, bank accounts, and other financial statements over the next few months.
Bottom line
AssuranceAmerica's data breach has exposed the personal information of nearly 7 million customers, leaving them at risk of having sensitive details such as their driver's license number, contact information, and insurance records exploited for identity theft, financial fraud, or highly targeted phishing attacks.
Unlike a compromised credit card, a leaked driver's license number can't simply be replaced or blocked. That means affected customers will need to stay vigilant by maintaining good cyber hygiene — avoiding suspicious emails and texts, regularly monitoring their financial accounts, and making use of safeguards such as credit freezes, fraud alerts, and identity theft protection services.