Back to news
Cybersecurity Alert
June 29, 2026 by EmailMeNow IT Consulting

AssuranceAmerica Data Breach May Have Exposed 1.1 Million Policyholders

AssuranceAmerica MGA says a March employee-targeted attack copied policyholder files affecting 1.1M+ people across seven states. Post-incident audits score assuranceamerica.com at 34% with 0% Identity & Spoofing.

Source: California Attorney General · Insurance Business

Data BreachInsurancePhishingSocial EngineeringTexasCaliforniaCybersecurity
AssuranceAmerica auto insurance data breach affecting more than one million policyholders

AssuranceAmerica Managing General Agency, LLC — an Atlanta-based non-standard auto insurance MGA — says suspicious activity on its systems may have exposed the personal information of more than 1.1 million people.

Residents in California, Massachusetts, Nebraska, South Carolina, Texas, Vermont, and Washington are being notified after a review of copied data files was completed in mid-June 2026.

What Happened

According to the company’s California Attorney General notice letter:

  • March 16, 2026 — Malicious activity targeted one AssuranceAmerica employee (consistent with phishing or social engineering).
  • March 17, 2026 — The company detected suspicious activity on part of its IT environment.
  • An unauthorized third party accessed AssuranceAmerica systems and copied data files.
  • June 15, 2026 — File review completed; notification letters began going out in June 2026.

The nearly three-month gap between detection and completed review reflects the volume of policyholder records aggregated across AssuranceAmerica’s retail agent and broker network — a wider blast radius than a single-carrier breach typically creates.

Insurance employee targeted by phishing email that led to unauthorized access at an MGA

Data at Risk

Affected files may include names plus one or more of:

  • Contact information
  • Automobile insurance policy or account information
  • Driver and vehicle information
  • Claims-related information
  • Driver’s license numbers
  • Tax ID information
  • Social Security numbers

AssuranceAmerica is offering 12 months of complimentary IDX credit monitoring to affected individuals. If you received a notice, enroll through the instructions in your letter and watch for follow-on identity theft and impersonation scams.

Policyholder auto insurance records, driver's license, and Social Security data exposed in MGA breach

Reported Impact by State

State AG filings and breach aggregators have published partial resident counts (figures may overlap reporting channels):

StateReported residents affected
South Carolina611,046
Texas500,987
Washington8,950
Massachusetts3,569
Vermont272
CaliforniaFiled with CA AG (count not published on list)
NebraskaFiled with NE AG

Combined published totals exceed 1.1 million when South Carolina and Texas filings are included. AssuranceAmerica also appeared on the California AG breach list published June 17, 2026, with breach dates of March 16–17, 2026.

Why Employee-Targeted Attacks Hit MGAs Hard

Insurance sector losses increasingly start with human-layer compromise, not firewall gaps:

  • Coalition’s 2026 Cyber Claims Report found business email compromise and funds transfer fraud together accounted for 58% of cyber incidents in 2025.
  • Resilience reported social engineering drove 57% of incurred cyber claims in the first half of 2025.

For an MGA, one compromised employee credential can expose policyholder files shared across many downstream agents — multiplying notification and fraud risk.

Policyholder receives breach notice while fake credit-monitoring phishing message appears on phone

Independent Cybersecurity Audit

An EmailMeNow Cybersecurity Audit of AssuranceAmerica’s primary public domains on June 29, 2026 found weak overall posture — especially email identity controls that make post-breach impersonation easier.

DomainOverallIdentity & SpoofingTransport SecurityWebsite SecurityRisk Level
assuranceamerica.com34%0%15%45%Weak
aamga.com33%0%15%45%Weak

Key findings:

  • 0% Identity & Spoofing on both domains — no effective DMARC enforcement for spoofed @assuranceamerica.com or @aamga.com messages that could target agents or policyholders after a breach.
  • 15% Transport Security — MTA-STS/TLS-RPT gaps leave room for mail-path downgrade risks.
  • Email Infrastructure scores higher (Microsoft 365 on the primary domain), but identity and transport weaknesses undermine the value of hosted mail security.

Weak public-domain email controls do not cause a breach by themselves, but they amplify harm when attackers already have policyholder contact data and SSNs.

Audit links:

Recommendations

If you received a notice:

  • Enroll in the IDX monitoring offered in your letter using only the official URL printed there — not links from unsolicited email or text.
  • Freeze or monitor credit; watch for auto-loan, claims, and tax-related identity fraud.
  • Report suspicious messages impersonating AssuranceAmerica or its agents.

For insurance organizations and MGAs:

  • Enforce phishing-resistant MFA and help-desk verification for all staff with access to policyholder files.
  • Deploy DMARC p=reject with SPF alignment on every customer-facing domain before the next incident.
  • Segment MGA platforms from agent workstations; log and alert on bulk file exports.
  • Test incident notification timelines — 90-day review gaps extend victim exposure.

Protect your organization and policyholders.

Run a free Instant Cybersecurity Audit at audit.emailmenow.com to evaluate SPF, DKIM, DMARC, MTA-STS, and website hardening.

Contact EmailMeNow IT Consulting for MGA email security assessments, DMARC enforcement, and incident response planning.


Sources: California AG — AssuranceAmerica notice letter (PDF) · Insurance Business — employee-targeted attack · EmailMeNow audit — assuranceamerica.com · EmailMeNow audit — aamga.com