Another massive data breach this year has exposed millions of people’s personal information. This time, it happened at an insurance company. AssuranceAmerica recently began notifying customers of a data breach affecting 6.9 million people, according to a data breach listing with the Indiana Attorney General’s Office. The Atlanta-based auto and renters insurance company provides coverage in more than a dozen states, including Arizona, Ohio, South Carolina, Texas, and Virginia. A copy of the notice sent to affected customers says the company first detected suspicious activity on parts of its information technology systems on March 17. The issue appears to have stemmed from malicious activity the day before that targeted one of the company’s employees. AssuranceAmerica says it immediately launched an investigation and hired external computer forensic specialists to determine what happened. The investigation found that the company was hit by an attack that allowed an unauthorized third party to access its IT systems and copy data files.

Because of the nature and scope of the files involved, the company did not complete its review until June 15. That review found that some customers’ personal information was included in the stolen files, including names, contact information, auto insurance policy and account information, driver and vehicle information, driver’s license numbers, and potentially Social Security numbers.