In May 2023, Progressive Casualty Insurance experienced a significant data breach that became public in August 2023. Unauthorized individuals accessed consumers’ Personally Identifiable Information (PII) due to improperly shared access credentials by some of Progressive’s third-party vendors. This breach led to a class-action lawsuit alleging negligence in securing and protecting personal data from hackers.
The breach affected approximately 347,000 individuals. The exposed data included a wide range of sensitive information such as names, addresses, driver’s license numbers, email addresses, phone numbers, Social Security numbers, dates of birth, and bank account details, including routing and checking account numbers.
Unauthorized access to Progressive’s data was achieved by exploiting improperly shared access credentials from third-party vendors. The exact method of how the infiltration occurred remains unclear, but it highlighted vulnerabilities in the management of third-party access.
In response to the breach, Progressive planned to offer affected customers credit monitoring and identity protection services. While specific security measures taken to address and prevent future breaches were not detailed, the company is expected to enhance its security posture to protect against similar incidents.
Reference:
