Insurance company State Farm revealed that a digital security incident might have exposed their customers’ personal information.
In August 2019, ZDNet obtained a copy of a letter in which State Farm disclosed a data breach. The insurance company specifically revealed that a bad actor had conducted a credential stuffing attack. This type of operation is where digital attackers leverage user IDs and passwords from other sources like the dark web to try to access customer accounts.
The company clarifies what happened next in its data breach notice: