Cyber Incident Victim: Alinsco Managing General Agency

On August 24, 2022, Alinsco Managing General Agency, Inc. detected unusual activity within one of its web applications, prompting an internal investigation conducted with assistance from a third-party data security firm. The Fort Worth-based insurance agency confirmed that an unauthorized party gained access to the compromised web application and the consumer information stored within it. The investigation revealed that sensitive personal data was exposed, including names, driver’s license numbers, government identification numbers, and financial account information. Alinsco reviewed affected files to identify impacted individuals, though the specific data elements varied per victim. The company did not disclose the duration of unauthorized access or the exact method of intrusion but acknowledged the breach’s confirmation through its forensic review.

Alinsco formally notified the Texas Attorney General’s office of the breach on November 3, 2022, disclosing that 656,282 Texas residents were affected alongside an undisclosed number of individuals in other U.S. states. The same day, the company issued individualized data breach notification letters to all confirmed victims, outlining the compromised data types and advising on identity theft prevention measures. Founded in 2003, Alinsco specializes in non-traditional auto insurance policies through a network of independent agents and reported $18 million in annual revenue at the time of the incident. The breach exposed policyholders’ sensitive identifiers linked to insurance products such as Alinsco Annual, Allinsco Bravo, and Alinsco Enhanced. No ransomware deployment, data ransom demands, or operational disruptions were reported in the available disclosures. The incident heightened identity fraud risks for victims due to the exposure of government-issued identifiers and financial details stored within the breached application.