A cyberattack on a major U.S. insurance company has compromised millions of driver's license numbers, marking the largest known breach of this data type in 2026.
The breach affected a significant portion of the insurance industry's customer database, exposing sensitive identification documents across multiple states. The attack represents a critical failure in data security for one of the nation's largest insurers.
Driver's license numbers are particularly valuable to cybercriminals. Combined with other personal information, they enable identity theft, fraudulent applications for credit and services, and unauthorized access to government systems.
The insurance company discovered the breach during routine security audits and has begun notifying affected customers. Authorities are investigating the incident to determine how attackers accessed the protected database and whether additional data was compromised.
This breach joins a growing list of major incidents targeting financial and insurance sectors. Industry analysts note that insurers hold some of the most sensitive personal information, making them high-priority targets for organized cybercriminal groups.
Affected individuals are being offered credit monitoring services. Experts recommend placing fraud alerts with credit bureaus and monitoring financial accounts for suspicious activity.
The incident raises questions about data storage practices across the insurance industry. Regulators are expected to intensify scrutiny of cybersecurity protocols at major financial institutions. The breach may accelerate discussions around stricter data protection requirements and stronger enforcement of existing regulations.
State insurance commissioners have requested detailed breach reports from the affected company. Some states are considering whether additional penalties or mandated security improvements are warranted.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.