An aggressive social engineering technique has been used by ClickLock, an information-stealing macOS malware, to obtain victims' informa...
Nearly seven million people are being notified after a cyberattack on Atlanta-based auto insurer AssuranceAmerica exposed highly sensitive personal information, including driver's license numbers, Social Security numbers and insurance records, raising concerns about long-term identity theft risks.
According to the company's breach notice and filings submitted to state regulators, the incident began on March 16, 2026, when a threat actor gained unauthorized access to AssuranceAmerica's internal network using compromised employee credentials obtained through a phishing attack. The company detected suspicious activity the following day, secured the affected systems, and launched a forensic investigation to determine the scope of the compromise.
The investigation later revealed that the attackers had copied files containing personal information belonging to approximately 6.99 million individuals. The exposed data varies by person but may include names, residential addresses, driver's license numbers, Social Security numbers, taxpayer identification numbers, insurance policy and account details, claims information, as well as driver and vehicle records.
The scale of the breach makes it one of the larger disclosures involving government-issued identity documents this year. South Carolina alone reported that 611,046 residents may have been affected, according to the state's Department of Consumer Affairs.
Unlike passwords, driver's license numbers are not easily replaced after they are exposed. These identifiers are widely used to verify identity across banks, insurers, vehicle rental companies, government agencies and financial institutions. When combined with Social Security numbers and other personally identifiable information, they can enable criminals to apply for loans, open fraudulent accounts, submit false tax returns or impersonate victims during identity verification processes.
Law firm Edelson Lechtzin LLP, which announced an investigation into the incident, warned that the compromised information could be used to facilitate identity theft and other forms of financial fraud.
Although AssuranceAmerica identified the intrusion within roughly 24 hours, affected individuals were not notified until late June after investigators completed their review of the compromised data on June 15. The nearly three-month gap between the initial breach and customer notifications has drawn attention to the time required to determine exactly whose information had been accessed before notifications could be issued.
In its public notice, AssuranceAmerica said it disabled the compromised accounts, reset credentials, strengthened network monitoring and provided additional cybersecurity awareness training to employees. The company also engaged external forensic specialists to investigate the incident. However, it has not publicly confirmed whether all affected individuals will receive complimentary credit monitoring or identity protection services.
The AssuranceAmerica breach comes amid a growing number of incidents involving government-issued identity documents. In June, Texas disclosed a separate cyberattack affecting approximately three million driver's license and passport records maintained by the Texas Parks and Wildlife Department, adding to a broader trend of organizations reporting the theft of sensitive identification data.
The growing reliance on digital identity verification has also increased the amount of personal identification collected by businesses and online platforms. As governments and private organizations increasingly require users to upload driver's licenses and other official documents for account verification and age checks, cybersecurity experts warn that breaches involving these records can have lasting consequences because many of these identifiers cannot be easily changed once exposed.
Individuals who may have been affected are encouraged to closely review financial and insurance accounts for suspicious activity, consider placing a credit freeze or fraud alert with the major credit bureaus, monitor their credit reports for unauthorized accounts and remain cautious of phishing emails or phone calls that attempt to exploit information exposed during the breach. Victims should also follow guidance issued by their state consumer protection agencies and promptly report any suspected identity theft.
The Coca-Cola Company has revealed that a ransomware attack targeting its Fairlife dairy business has temporarily disrupted production across the United States after threat actors gained unauthorized access to company systems, including those supporting manufacturing operations.
The incident was disclosed in a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC), a regulatory filing used by publicly traded companies to report significant corporate events. According to Coca-Cola, the cyberattack affected certain Fairlife systems, including production-related infrastructure, prompting the company to temporarily suspend manufacturing at its U.S. facilities while recovery efforts are underway.
Upon detecting the unauthorized activity, Coca-Cola said it immediately activated its incident response and business continuity protocols to contain the incident and minimize operational disruption. The company has engaged external cybersecurity advisors and experts to support its investigation and recovery efforts, while law enforcement has also been notified.
Although manufacturing operations have been interrupted, Coca-Cola emphasized that the ransomware attack has not affected the quality or safety of Fairlife products. The temporary production halt is part of the company's response as it works to restore impacted systems and verify operational readiness before resuming normal manufacturing activities. Fairlife's Canadian production facilities continue to operate normally and have not been affected by the incident.
The company said its investigation remains ongoing and that it is continuing to assess both the nature of the attack and its potential business impact. At this stage, Coca-Cola has not determined whether the incident is reasonably likely to have a material effect on the company's financial condition or overall operations.
Fairlife is one of Coca-Cola's dairy brands and manufactures a range of ultra-filtered milk products, protein shakes and nutrition beverages sold across the United States. Its product portfolio includes Ultra-Filtered Milk, Core Power Protein Shakes and Nutrition Plan.
Several aspects of the incident remain undisclosed. Coca-Cola has not confirmed whether attackers exfiltrated any data during the intrusion, whether the company has received an extortion demand or which ransomware operation may be responsible for the attack. As of publication, no known ransomware group has publicly claimed responsibility for the incident.
Ransomware attacks increasingly target organizations' operational environments in addition to traditional corporate networks, as disrupting production can exponentially multiply pressure on victims during recovery efforts. Many modern ransomware operations also employ double-extortion tactics by stealing sensitive information before encrypting systems and later threatening to publish the stolen data unless a ransom is paid. However, Coca-Cola has not indicated that any data theft occurred in this incident, and there is currently no public evidence confirming that attackers exfiltrated information from Fairlife's systems.
When asked whether data had been stolen, whether the company had received an extortion demand or which ransomware group may have been behind the attack, a Coca-Cola spokesperson declined to provide additional details beyond the company's public statement.
Coca-Cola continues to restore affected systems while its investigation remains ongoing, with U.S. Fairlife production expected to resume once recovery efforts are completed and manufacturing systems have been safely brought back online.