Cyber Incident Victim: Amerigroup Insurance Company

On October 6, 2022, Amerigroup Insurance Company reported a data breach to the Texas Attorney General’s Office, disclosing unauthorized access to sensitive consumer information. The compromised data included affected individuals’ names, addresses, Social Security numbers, and health insurance information. Amerigroup did not publicly disclose the cause of the breach or post details about the incident on its website, leaving the root cause undetermined. The company estimated that 1,189 Texas residents were impacted, though its nationwide operations suggested a significantly higher total number of U.S. victims. Amerigroup issued data breach notification letters to all affected parties on the same day as its regulatory filing, advising them on protective measures against identity theft and fraud. The breach occurred amid a broader surge in U.S. data security incidents, with 2021 setting a record for breaches at 68% higher than the previous year.

Amerigroup, founded in 1994 as AMERICAID, is a Virginia Beach-based insurer specializing in Medicare, Medicaid, and other public healthcare programs for seniors, low-income families, people with disabilities, and government employees. With over 13,728 employees and $4 billion in annual revenue, it ranks among the nation’s largest providers of publicly funded healthcare coverage. The breach exposed highly sensitive personal and health insurance data, increasing risks of identity theft and dark web fraud for victims. No operational disruptions, attacker methodologies, or containment actions were described in the Texas filing or subsequent communications. The company’s limited public disclosure restricted available details about the breach’s timeline, detection methods, or full geographic scope beyond the confirmed Texas cases. Affected individuals were directed to monitor their financial accounts and credit reports following the notifications.