State Farm – the largest property and casualty insurance provider in the US - has been compromised in a credential stuffing attack. The firm acknowledged the cyberattack, filing a data breach notification with the California Attorney General, and on Wednesday (August 07), it sent out “Notice of Data Breach” emails to users whose online account log-in credentials were obtained by a bad actor.
The insurer’s data breach notification email read: “State Farm recently detected an information security incident in which a bad actor used a list of user IDs and passwords obtained from some other source, like the dark web, to attempt to access to State Farm online accounts. During our investigation, we determined that the bad actor possessed the user ID and password for your State Farm online account.”
You've reached your limit - Register for free now for unlimited access
To read the full story, and get unlimited access to Insurance Business website content, just register for free now. GET STARTED HERE
Already a website member? Log in below.