DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

American Family Insurance to notify 283,734 of breach linked to unemployment benefits fraud

Posted on May 8, 2021 by Dissent

American Family Mutual Insurance Company, S.I. (American Family) will be sending out letters on or about May 14 to people who may have — or may not have — sought an auto insurance quote from the firm using the firm’s web site.

If you get a letter from them, read it carefully.
American Family Insurance logo

A letter signed by Chris Szafranski, Privacy Director, explains what happened:

We believe unauthorized parties may have used an automated bot process to obtain your driver’s license number by entering personal information (such as your name and address) they acquired from unknown sources into the American Family quoting platform.

We are notifying you because you may have been affected by this incident. If you did not request an insurance quote using the American Family quoting platform between February 6, 2021 and March 19, 2021, the unauthorized parties may have requested a quote in your name and may have obtained your driver’s license number. If, however, you did request a quote from the American Family quoting platform between February 6, 2021 and March 19, 2021, you are not impacted by this incident.

What Information Was Involved

To the extent you were affected by this incident, unauthorized parties may have obtained your driver’s license number.

We have reason to believe this data may be used to fraudulently apply for unemployment benefits in your name. Please carefully review any written communications you receive from your state’s unemployment agency, especially if you have not applied for unemployment benefits. If you suspect that your data has been used to fraudulently apply for unemployment benefits, you should contact the relevant state unemployment agency immediately.

The full notification, including steps you can take and an offer of credit monitoring services, is embedded below.

American Family Insurance will be notifying 283,734 people.

2021 American Family consumer notification FINAL
Category: Business SectorHackOf NoteU.S.

Post navigation

← Es: IT services of the Oviedo City Council knocked out
Noblr Reciprocal Exchange to notify 97,633 consumers of breach involving insurance quote platform →

6 thoughts on “American Family Insurance to notify 283,734 of breach linked to unemployment benefits fraud”

  1. Alan Crosswell says:
    May 17, 2021 at 2:50 pm

    I received a letter similar to this but from “IMS c/o Midvale Indemnity Company, 245 Commerce Blvd, Liverpool NY13088” and with a lame low-res Midvale Home & Auto logo. They also gave an incorrect URL of security.identityforce.com instead of secure.identityforce.com.

    Doesn’t feel me with a lot of confidence. How do I know this isn’t phishing?

    1. Dissent says:
      May 17, 2021 at 4:23 pm

      Midvale’s web site establishes a connection between them and American Family Insurance. Apart from the wrong spelling on the subdomain, does their contact info for identityforce.com match the contact info on this page: https://www.identityforce.com/about/contact-us ?

    2. David Lewis says:
      May 17, 2021 at 8:33 pm

      Letter I received today had the correct URL. Not only can they not protect my information, they also can’t spell.

  2. David Lewis says:
    May 17, 2021 at 8:31 pm

    I’m going to seek out an attorney to file a class action lawsuit against them. The three of us living in my home all received the same letter. Shame on them for allowing our personal information to be leaked and they should pay!

  3. Cathy Klenke says:
    May 18, 2021 at 10:04 am

    I, too, received the letter and it was from IMS c/o American Family Mutual Insurance Company, same Liverpool NY address. I was struck by the somewhat blurry American Family letterhead in black and white rather than the red and blue logo. Should I trust this info or is someone trying to steal more info from me? I also looked up what to do if your driver’s license number is stolen and the website I checked said to notify your state BMV. Why didn’t this letter state that? And how is it possible to steal a driver’s license number using just your name and address? My license has been out of my wallet 3x since I received it, to vote and to get my Covid vaccinations.

  4. Victor Luzaca says:
    May 18, 2021 at 2:52 pm

    Two drivers in my household received identical letters with the grainy “American Family Insurance” logo from the Liverpool, NY, address. That street address is where a large bulk mailer, IMS, does business, so it’s reasonable to assume that American Family Mutual Insurance Company contracted with IMS to send out some of the more than 280,000 letters about this data “incident.” Furthermore, here’s evidence that the insurance company notified the New Hampshire Attorney General of the breach: [url deleted by DataBreaches.net. This breach has been reported to a number of states by now.]

    I’m inclined to believe that the data breach is real, but I’m at a loss to understand how my license number could have been stored by a third party (contracted by American Family Insurance), thus allowing for potential fraud.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
  • Oklahoma Expands its Security Breach Notification Law
  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.