Cybersecurity Breach at AssuranceAmerica Affects Over 6.9 Million Records

AssuranceAmerica, a renowned auto and renters insurance provider based in Atlanta, recently disclosed a significant cybersecurity breach impacting over 6.9 million records, as detailed in state regulatory disclosures. The incident, traced back to a March 17 phishing attack on an employee, was reported to the California Attorney General's office and highlighted serious vulnerabilities in the company's cybersecurity measures.

The breach, involving unauthorized access to the insurance company's IT systems, led to exfiltration of sensitive data files. Regulatory compliance records from Maine indicated that more than 6.9 million individuals were affected, including nearly 880 Maine residents. This revelation came amidst a halt in the Maine Attorney General's breach notifications due to a separate cyber attack.

The leaked data potentially includes personal and policy-related information, such as names, policy identifiers, claims data, and Social Security numbers, as reported in the California filing. In response, AssuranceAmerica has strengthened its cybersecurity framework by decommissioning affected systems, upgrading access controls, enhancing threat detection, and instituting additional employee cybersecurity training.

Customers have been advised to review their credit reports and financial statements closely, with the offer of a year of complimentary credit monitoring as a precaution. Although the perpetrators remain unknown, similar breaches in the insurance sector have previously involved sophisticated social engineering schemes orchestrated by cybercriminal groups. Attempts to contact AssuranceAmerica for further details have been unsuccessful.