The intrusion itself followed the most common pattern in the sector. AssuranceAmerica first detected suspicious activity on March 17, 2026, and traced it to a targeted attack on a single employee the day before, consistent with a credential-stealing phishing technique. An unauthorized third party gained access to the company’s systems and copied a number of data files. External forensic experts were engaged immediately, but the review of accessed files to identify affected individuals was not completed until June 15 – three months after initial detection – with mail notifications beginning shortly after and expected to continue through around July 10. The exposed data may include names, contact details, auto insurance policy and account information, driver and vehicle information, claims-related information, driver’s license numbers, Tax ID information and Social Security numbers, per breach notifications filed with the California and Nebraska Attorneys General and South Carolina’s Department of Consumer Affairs.
Class action investigation launched following AssuranceAmerica data breach
