6.9M Driver’s License Numbers Exposed

News Room

A massive data breach exposed Americans’ driver’s license information, making it the largest known breach involving the data this year.

Insurance provider AssuranceAmerica, via TechCrunch, said hackers accessed driver’s license numbers for 6.9 million customers. In addition to driver’s license numbers, attackers also obtained customers’ names, contact details, auto insurance policies and accounts, as well as driver and vehicle details.

Information on customers’ claims was also affected, along with Social Security numbers and Tax ID details for some customers.

What we know about the breach

According to TechCrunch, the breach dates back to March 17, when the company detected hackers on its systems. The discovery prompted an investigation that spanned almost three months before concluding on June 15. AssuranceAmerica subsequently filed the breach notification with the Office of Maine’s Attorney General.

The company also noted that after the discovery, compromised systems were immediately disabled to contain the attack. Details on how the threat actors gained access were limited to the company stating that the actors “targeted one of the Company’s employees,” but did not disclose how they gained access.

Driver’s license and other related data impacted by the breach

Individually, each piece of data may hold little value, but when combined for profiling, they provide a rich dataset that could be valuable long after the breach because identity-based data, unlike credentials, cannot be easily changed.

That reason could help explain why attackers are increasingly targeting companies that possess this long-term, valuable data. Last month, TechCrunch reported that hackers accessed about 3 million driver’s licenses and passport information from the Texas state government.

Meanwhile, another insurance giant, Aflac, has fallen victim to two cyberattacks in the past year, resulting in the theft of 26 million customer records combined.

Must-read security coverage

Why does this matter?

The breach underscores an emerging pattern in which cybercriminals are pursuing government-issued identity data that supports fraud well beyond the initial attack. For organizations, the incident also shows that the value of stolen information is increasingly measured by how long it remains useful to attackers, rather than simply by how much is taken.

AssuranceAmerica said it will begin notifying impacted customers on July 10. Some affected customers may also be eligible for complimentary identity theft protection services, depending on applicable legal requirements.

For customers, the disclosure marks the beginning rather than the end of the incident. Stolen information is often retained, traded, or reused long after a breach is discovered, meaning fraudulent activity may not surface immediately.

Affected customers should be more vigilant going forward, especially regarding any data that may have been compromised. Because this breach occurred months ago, it is important to enroll in any security protections the company offers as soon as you can.

More news: Fake job offers are also becoming a growing phishing tactic. Learn how attackers are impersonating major brands to steal Google account credentials.

Read the full article here

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *