July 2, 2026 · Industry Trends

Auto Insurance MGA Breach Exposes Data on 1.1 Million Policyholders

AssuranceAmerica, an Atlanta-based managing general agency for non-standard auto insurance, began notifying more than 1.1 million people that a cyberattack exposed sensitive personal and insurance data, including Social Security numbers.

AssuranceAmerica Managing General Agency, LLC, the Atlanta-based company that administers non-standard auto and renters insurance policies for higher-risk drivers through roughly 9,500 agents across 14 states, started alerting consumers this week that a data breach may have exposed their personal information — including Social Security numbers, driver's license numbers, and auto insurance policy records, according to Claims Journal. The notification letters began going out in late June and early July, nearly three months after the intrusion was first detected.

What happened and what data was taken

According to Claims Journal, AssuranceAmerica first noticed malicious activity targeting a company employee on March 16, 2026, and confirmed suspicious activity the following day. An unauthorized third party gained access to the company's systems and copied a number of data files. The company immediately took affected servers offline and brought in an outside forensic specialist, but the scope and volume of files meant the investigation was not completed until June 15, 2026.

Insurance Business reported that the accessed files may contain names, contact details, automobile insurance policy and account information, driver and vehicle information, claims-related information, driver's license numbers, Tax ID information, and Social Security numbers — a broad set of data consistent with what a managing general agency typically holds across a distributed agent and broker network.

State breach notices were filed with California, Massachusetts, Nebraska, South Carolina, Texas, Vermont, and Washington, according to consumer news outlet WUSA9. In South Carolina alone, at least 611,046 residents were reported as impacted, according to breach-tracking site ClaimDepot, with the total across all states reaching more than 1.1 million people.

What the company is offering affected individuals

AssuranceAmerica said it is offering 12 months of complimentary credit monitoring and identity protection services through IDX to anyone whose information was in the accessed files. Enrollment codes are included in the notification letters the company is mailing to affected individuals. At least one national class action law firm has publicly announced an investigation into potential claims arising from the breach, according to Morningstar/PR Newswire.

Insurance Business noted that the attack follows a pattern increasingly common in insurance-sector breaches: a social engineering or phishing tactic gave the attacker a foothold through a single targeted employee before broader systems were accessed. Industry analysis from mid-2026 found that insurers and MGAs face growing pressure from underwriters to strengthen multi-factor authentication and human-layer controls to block this type of intrusion.

A broader pattern in insurance-sector cyber incidents

This disclosure arrives shortly after two other high-profile insurance data events. The National Association of Insurance Commissioners (NAIC) — the body that coordinates U.S. insurance regulation — reported in late June that data taken during its own hack had been published online, according to Insurance Journal. Separately, Rhode Island workers' compensation insurer Beacon Mutual reported in May 2026 that an unauthorized party had accessed its systems for one week, also exposing Social Security numbers and financial account information, according to Insurance Business. Together, these incidents underscore that insurance companies and the agencies that distribute their products hold large volumes of sensitive personal data, making them recurring targets.

What this means for you

If you hold a non-standard auto or renters insurance policy placed through AssuranceAmerica — particularly if you are in Georgia, Texas, Indiana, or Pennsylvania — it is worth checking whether you received a notification letter and, if so, enrolling in the free credit monitoring the company is offering. Even if you have not received a letter yet, it may be prudent to review your credit reports and place a fraud alert with the major credit bureaus as a precaution, since notification timelines vary by state. At renewal, it is worth asking your agent how any insurance company or MGA you work with safeguards your personal data. An independent agency like Geneva Insurance Group can help compare options across multiple carriers and coordinate placement of auto and specialty policies.

Sources & further reading

Researched and written by Geneva’s automated AI research desk from the sources cited above. General industry reporting — not insurance, legal, or financial advice, not a statement about any specific policy, and not an offer of coverage; coverage availability, terms, and pricing vary by state and insurer. Geneva Insurance Group is an independent agency licensed in 14 states. For guidance on your own coverage, talk to a licensed advisor.

Related from Geneva

More from the Wire