AssuranceAmerica data breach exposes records of 6.9 million drivers
American insurance company AssuranceAmerica has disclosed a data breach impacting nearly 7 million drivers after attackers gained access to its systems earlier this year. [...]
Insurance shapes how cyber risk is priced, transferred, and investigated, influencing breach costs, security incentives, and liability.
Search across headline titles and summaries.
Background for this topic.
Cyber insurance transfers some financial risk from security incidents to an insurer under a contract. Policies may cover first-party costs such as forensic investigation, system restoration, notification, and interruption of the insured’s business, as well as third-party privacy or security claims. Coverage depends on limits, deductibles, exclusions, and the policy’s definitions; regulatory penalties and ransom payments, for example, may be restricted or unavailable in some jurisdictions.
For security practitioners, insurance makes evidence of controls an operational and legal concern. Underwriting and claims may examine multifactor authentication, protected backups, logging, vulnerability remediation, access control, and tested incident-response plans. Inaccurate application answers or failure to meet policy conditions can reduce or invalidate recovery. During a claim, organizations may also share sensitive personal, technical, and investigative information with insurers, brokers, lawyers, and responders, requiring careful privacy, confidentiality, and evidence-handling practices.
Weekly headline count for the current query.
American insurance company AssuranceAmerica has disclosed a data breach impacting nearly 7 million drivers after attackers gained access to its systems earlier this year. [...]
Third-party contractor compromise exposed health information and insurance billing passwords
Aflac Japan has notified regulators that policy details and personal and banking information have been compromised
American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary's systems and stole personal and bank account information of 4.38 million customers. [...]
The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability in an Oracle PeopleSoft server. [...]
An attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance system
Spotted in intrusions targeting insurance, education, IT, and professional services sectors
A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026
As companies adopt AI, many insurance firms are explicitly excluding AI risks, while others are forging ahead to create the right framework. What risks can firms reasonably manage?
Helen Barge of Howden on Scaling Practical Cyber Support for Small BusinessesSmall and mid-sized businesses face unique cybersecurity barriers - from budget constraints to IT providers who fall short on basics - and need accessible, jargon-free guidance, said Helen Barge, principal and head of digital resilience services at global insurance group Howden.
Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix.
The cyber insurance industry has made relatively weak inroads into Asia due to a variety of factors, but that could be changing.
In this latest installment of the Reporters' Notebook video series, we discuss how cyber insurance is forcing organizations to quantify risk, what's covered (and what's not), and why this could be the best thing to happen to cybersecurity.
Incident Comes Months After NYS Fined Liberty Mutual $2M in Other HacksInsurance carrier Liberty Mutual is facing proposed class action litigation filed by policyholders who allege their sensitive information was compromised in an April data theft claimed by cybercrime gang Everest Group. The incident is the company's latest data security related troubles.
Josephine Wolff on Why Healthcare Must Scrutinize Cyber and AI CoverageHealthcare organizations face growing pressure to reassess cyber insurance policies as cyberattacks disrupt patient care and AI tools introduce new liability risks. Josephine Wolff of Tufts University discusses how exclusions, compliance demands and AI-related uncertainty shape insurance decisions.
An On Demand video from ID DatawebScattered Spider continues to evolve, and organizations across financial services, healthcare, insurance, telecommunications, and other sectors are strengthening defenses against increasingly sophisticated identity-driven threats.
State Insurance Officials Seeking Details About Service Firm's Mega Data BreachMissouri regulators are widening their investigation into the 204 hacking incident at Conduent Business Services, alleging that the company has stonewalled the state's attempts to obtain information about the data breach, which is estimated to affect more than 25 million people nationwide.
Allianz Retains Risk Exposure While Outsourcing Cyber Insurance OperationsAllianz will transition operational control of its standalone commercial cyber insurance business to Coalition, combining the insurer's global distribution and balance sheet with Coalition's cyber underwriting, monitoring and incident response capabilities in a long-term strategic partnership.
HHS OCR Breach Investigators Again Find All-Too-Common Risk Analysis FailuresFaulty or non-existent security risk analyses cost a medical imaging provider, a women's healthcare group, a health plan and a third-party insurance administrator a collective $1.7 million in fines after federal regulators concluded they didn't do enough to prevent ransomware attacks.
HHS OCR Breach Investigators Again Find All-Too-Common Risk Analysis FailuresFaulty or non-existent security risk analyses cost a medical imaging provider, a women's healthcare group, a health plan and a third-party insurance administrator a collective $1.7 million in fines after federal regulators concluded they didn't do enough to prevent ransomware attacks.