AssuranceAmerica, a closely held provider of auto and renters insurance, was the target of a cyberattack earlier this year that impacted more than 6.9 million customers, according to state regulatory filings.
The Atlanta-based firm said the incident was detected on March 17, stemming from an attack that targeted one of its employees a day earlier, according to a filing with the California Attorney General’s office.
An investigation found an unauthorized party gained access to the company’s IT department and copied a number of data files. The company said it notified law enforcement about the attack.
According to a filing with the Maine Attorney General’s office, the breach involved more than 6.9 million people. This included nearly 880 people within the state of Maine. The Maine AG discontinued posting new notices on its public site in June after its breach reporting system was the target of an attack.
Sensitive data
Information copied during the attack might have included names, insurance policy numbers, claims information, drivers license numbers, vehicle information and Social Security numbers, according to a copy of the breach notice filed in California.
After the incident, AssuranceAmerica said it took the affected servers offline and implemented a series of measures to harden its systems against additional attacks. The company reset passwords, enhanced monitoring and threat detection software and gave employees additional instructions about how to prepare for cyber threats.
The company warns customers to review credit reports, banking information and other records for potential fraud. It is offering 12 months of credit monitoring to help customers check for any suspicious activity.
There is no indication of who may be behind the attack. In 2025, a series of insurance companies were targeted in a wave of social engineering attacks linked to a cybercrime group known as Scattered Spider. The group is affiliated with other affiliates in a larger underground community known as The Com.
Officials from AssuranceAmerica were not immediately available for comment.