American Family Mutual Insurance Company, S.I. (American Family) will be sending out letters on or about May 14 to people who may have — or may not have — sought an auto insurance quote from the firm using the firm’s web site.
If you get a letter from them, read it carefully.
A letter signed by Chris Szafranski, Privacy Director, explains what happened:
We believe unauthorized parties may have used an automated bot process to obtain your driver’s license number by entering personal information (such as your name and address) they acquired from unknown sources into the American Family quoting platform.
We are notifying you because you may have been affected by this incident. If you did not request an insurance quote using the American Family quoting platform between February 6, 2021 and March 19, 2021, the unauthorized parties may have requested a quote in your name and may have obtained your driver’s license number. If, however, you did request a quote from the American Family quoting platform between February 6, 2021 and March 19, 2021, you are not impacted by this incident.
What Information Was Involved
To the extent you were affected by this incident, unauthorized parties may have obtained your driver’s license number.
We have reason to believe this data may be used to fraudulently apply for unemployment benefits in your name. Please carefully review any written communications you receive from your state’s unemployment agency, especially if you have not applied for unemployment benefits. If you suspect that your data has been used to fraudulently apply for unemployment benefits, you should contact the relevant state unemployment agency immediately.
The full notification, including steps you can take and an offer of credit monitoring services, is embedded below.
American Family Insurance will be notifying 283,734 people.
2021 American Family consumer notification FINAL
I received a letter similar to this but from “IMS c/o Midvale Indemnity Company, 245 Commerce Blvd, Liverpool NY13088” and with a lame low-res Midvale Home & Auto logo. They also gave an incorrect URL of security.identityforce.com instead of secure.identityforce.com.
Doesn’t feel me with a lot of confidence. How do I know this isn’t phishing?
Midvale’s web site establishes a connection between them and American Family Insurance. Apart from the wrong spelling on the subdomain, does their contact info for identityforce.com match the contact info on this page: https://www.identityforce.com/about/contact-us ?
Letter I received today had the correct URL. Not only can they not protect my information, they also can’t spell.
I’m going to seek out an attorney to file a class action lawsuit against them. The three of us living in my home all received the same letter. Shame on them for allowing our personal information to be leaked and they should pay!
I, too, received the letter and it was from IMS c/o American Family Mutual Insurance Company, same Liverpool NY address. I was struck by the somewhat blurry American Family letterhead in black and white rather than the red and blue logo. Should I trust this info or is someone trying to steal more info from me? I also looked up what to do if your driver’s license number is stolen and the website I checked said to notify your state BMV. Why didn’t this letter state that? And how is it possible to steal a driver’s license number using just your name and address? My license has been out of my wallet 3x since I received it, to vote and to get my Covid vaccinations.
Two drivers in my household received identical letters with the grainy “American Family Insurance” logo from the Liverpool, NY, address. That street address is where a large bulk mailer, IMS, does business, so it’s reasonable to assume that American Family Mutual Insurance Company contracted with IMS to send out some of the more than 280,000 letters about this data “incident.” Furthermore, here’s evidence that the insurance company notified the New Hampshire Attorney General of the breach: [url deleted by DataBreaches.net. This breach has been reported to a number of states by now.]
I’m inclined to believe that the data breach is real, but I’m at a loss to understand how my license number could have been stored by a third party (contracted by American Family Insurance), thus allowing for potential fraud.