Progressive Insurance Company CyberSecurity Posture
progressive.com
Every journey has a beginning, and wherever you are on your career path, we want to help you along the way. At Progressive, we exist to help people move forward and live fully. We strive to create a welcoming and flexible work environment for everyone, where employees are encouraged to risk, learn, and grow. With our supportive culture, work-life balance, and one of the largest contemporary art collections in the country, there’s a reason we’ve been named one of the best places to work. For over 80 years, Progressive has offered customers a wide range of insurance choices, including auto, home, renters, commercial auto, small business, motorcycle, boat policies, and more. Progressive is the second largest auto insurer in the country—a combined effort of every single person at Progressive. We’re a dynamic group of more than 65,000 talented employees—from all walks of life, all fields of business, and all 50 states. Everyone here plays a role in our success as we continue to help our customers move forward and live fully. With hundreds of career paths including Claims, Customer Care, Sales, Marketing, Legal, IT, Data Analysis, and more, you are sure to find the destination for your career at Progressive.
Company Details
progressive-insurance
43,679
282,640
524
progressive.com
1670
PRO_2300011
Completed
Progressive Insurance Risk Score (AI oriented)Between 600 and 649
Progressive Insurance Global Score (TPRM)XXXX
Description: Hackers exploited vulnerabilities in an online quote tool used by Progressive Corporation (and other auto insurers) to steal driver’s license numbers and other personal information of over 825,000 New York residents. The stolen data was subsequently used to file fraudulent unemployment claims during the COVID-19 pandemic, leading to financial losses and reputational damage. The breach resulted from inadequate security measures, prompting New York’s Attorney General to impose a $14.2 million settlement (part of a larger $20.79 million recovery from 10 insurers). The incident highlights systemic failures in safeguarding sensitive customer data, exposing victims to identity theft and financial fraud. While no direct ransomware was involved, the exploitation of vulnerabilities enabled large-scale data theft with tangible financial consequences for affected individuals and the company.
Description: The Maine Office of the Attorney General disclosed a data breach at Progressive Northwestern Insurance Company, where an employee fraudulently used another individual’s identity to gain employment. Between October 26, 2023, and April 19, 2024, the imposter accessed sensitive customer data, including driver’s license numbers, Social Security numbers, payment card details, and financial account information. The breach impacted 14 Maine residents, exposing them to potential identity theft and financial fraud. In response, Progressive is providing two years of free credit monitoring and identity theft restoration services via Kroll to mitigate risks. The incident highlights internal security failures, as the misuse of credentials went undetected for nearly six months, allowing unauthorized access to highly confidential customer records. The compromised data could facilitate fraudulent activities, financial losses, or long-term reputational damage for affected individuals and the company.
No incidents recorded for Progressive Insurance in 2026.
No incidents recorded for Progressive Insurance in 2026.
No incidents recorded for Progressive Insurance in 2026.
Progressive Insurance cyber incidents detection timeline including parent company and subsidiaries
Every journey has a beginning, and wherever you are on your career path, we want to help you along the way. At Progressive, we exist to help people move forward and live fully. We strive to create a welcoming and flexible work environment for everyone, where employees are encouraged to risk, learn, and grow. With our supportive culture, work-life balance, and one of the largest contemporary art collections in the country, there’s a reason we’ve been named one of the best places to work. For over 80 years, Progressive has offered customers a wide range of insurance choices, including auto, home, renters, commercial auto, small business, motorcycle, boat policies, and more. Progressive is the second largest auto insurer in the country—a combined effort of every single person at Progressive. We’re a dynamic group of more than 65,000 talented employees—from all walks of life, all fields of business, and all 50 states. Everyone here plays a role in our success as we continue to help our customers move forward and live fully. With hundreds of career paths including Claims, Customer Care, Sales, Marketing, Legal, IT, Data Analysis, and more, you are sure to find the destination for your career at Progressive.
At State Farm®, our mission is to help people manage the risks of everyday life, recover from the unexpected, and realize their dreams. We are passionate and driven to create possibilities, and we’re serious about helping customers by providing solutions for all of life’s moments. Like a good neighb
Helvetia Baloise is the largest multi-line insurer in Switzerland and one of the leading insurance groups in Europe. Every day, more than 22,000 employees are committed to supporting around 13 million customers with insurance, pension and financial solutions – from private individuals and SMEs to in
SBI Life Insurance (‘SBI Life’ / ‘The Company’), one of the most trusted life insurance companies in India, was incorporated in October 2000 and is registered with the Insurance Regulatory and Development Authority of India (IRDAI) in March 2001. Serving millions of families across India, SBI Li
Bajaj General Insurance Limited (formerly known as Bajaj Allianz General Insurance Company Limited) is one of India’s leading, most trusted and dynamic private general insurance companies. It is a subsidiary of Bajaj Finserv Limited, India’s leading and most diversified financial services group. Ba
For 117 years, we have been helping customers across generations by protecting, preserving and growing what matters to them. As One Great Eastern Group today, we are enabling the goals of over 15.5 million customers by taking care of their needs across life, health, wealth and general insurance, con
Bajaj Life Insurance is among the fastest-growing life insurance companies in India, offering a wide range of plans, from ULIPs and term insurance to retirement and child policies, helping you secure your future and achieve your life goals. With over 3.85 crore policyholders, an AUM of ₹1.3 Lakh C
Bankers Life® focuses on the insurance and investment needs of middle-income Americans who are near or in retirement. The Bankers Life brand is part of CNO Financial Group, Inc. (NYSE: CNO), whose companies provide insurance and wealth management solutions that help protect the health and retirement
Suncorp offers insurance products and services through some of Australia and New Zealand’s most recognised brands. Our purpose is to build futures and protect what matters – the focus of our company for more than 100 years. With the passion of our people, and our portfolio of brands including AAM
Marsh McLennan Agency, a business of Marsh (NYSE: MRSH), is a leading provider of business insurance, employee health & benefits, retirement & wealth, and private client insurance solutions across the US and Canada. Marsh is a global leader in risk, reinsurance and capital, people and investments, a
.png)
Progressive Insurance® today announced a new pet insurance offering designed to help people get the care their pets need by making...
Progressive (NYSE:PGR) launched a new pet insurance product for cats and dogs on January 20, 2026, underwritten directly by Progressive and...
Progressive is one of the biggest names in auto insurance with a wide range of coverage options and perks that appeal to all kinds of...
The National Institute of Standards and Technology (NIST) recently awarded Ohio University's J. Warren McClure School of Emerging...
Progressive deepens its collaboration with fintech Best Egg, adding a new personal loan provider to its ecosystem to give customers more...
Toyota Motor North America Inc and Progressive Insurance can arbitrate a driver's claims over the automaker sharing driving data with the...
Progressive Direct Insurance Co. agreed to a $500000 class action lawsuit settlement to resolve claims it violated Florida law by sending late-night emails...
DeepKeep, a platform ensuring secure and trustworthy enterprise AI, has been recognized as a 'Progressive Company' in the Generative AI...
Progressive Corp. was hit with a proposed class action alleging it charged Uber Technologies Inc. passengers in California for a policy...
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Progressive Insurance is https://careers.progressive.com/.
According to Rankiteo, Progressive Insurance’s AI-generated cybersecurity score is 645, reflecting their Poor security posture.
According to Rankiteo, Progressive Insurance currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Progressive Insurance has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
According to Rankiteo, Progressive Insurance is not certified under SOC 2 Type 1.
According to Rankiteo, Progressive Insurance does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Progressive Insurance is not listed as GDPR compliant.
According to Rankiteo, Progressive Insurance does not currently maintain PCI DSS compliance.
According to Rankiteo, Progressive Insurance is not compliant with HIPAA regulations.
According to Rankiteo,Progressive Insurance is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Progressive Insurance operates primarily in the Insurance industry.
Progressive Insurance employs approximately 43,679 people worldwide.
Progressive Insurance presently has no subsidiaries across any sectors.
Progressive Insurance’s official LinkedIn profile has approximately 282,640 followers.
Progressive Insurance is classified under the NAICS code 524, which corresponds to Insurance Carriers and Related Activities.
No, Progressive Insurance does not have a profile on Crunchbase.
Yes, Progressive Insurance maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/progressive-insurance.
As of January 23, 2026, Rankiteo reports that Progressive Insurance has experienced 2 cybersecurity incidents.
Progressive Insurance has an estimated 15,154 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Total Financial Loss: The total financial loss from these incidents is estimated to be $14.20 million.
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with likely (given public disclosure and remediation offers), and third party assistance with kroll (for credit monitoring and identity theft restoration), and remediation measures with offering 2 years of free credit monitoring, remediation measures with providing identity theft restoration services via kroll, and communication strategy with public disclosure via maine office of the attorney general, and law enforcement notified with yes (new york state attorney general’s office investigation)..
Title: Data Breach at United Financial Casualty Company and Progressive Northwestern Insurance Company
Description: An employee misused someone else's identity to obtain employment and gained unauthorized access to sensitive customer information, including driver’s license numbers, Social Security numbers, payment card numbers, and financial account numbers. Fourteen Maine residents were affected.
Date Publicly Disclosed: 2024-06-07
Type: Data Breach (Insider Threat / Identity Misuse)
Attack Vector: Insider Threat (Fraudulent Employment via Identity Theft)
Vulnerability Exploited: Lack of robust identity verification during hiring process
Threat Actor: Malicious Insider (Employee using stolen identity)
Motivation: Unauthorized access to sensitive data (potential financial gain or fraud)
Title: Auto Insurance Companies Data Breach Leading to Fraudulent Unemployment Claims
Description: Hackers exploited vulnerabilities in quote tools used by auto insurance companies to steal driver’s license numbers. Some of the stolen data was used to file fraudulent unemployment claims during the COVID-19 pandemic. New York State Attorney General Letitia James secured $14.2 million in settlements from eight companies, bringing the total recovered to $20.79 million from 10 insurers for data security failures.
Date Publicly Disclosed: 2023-11-07T00:00:00Z
Type: data breach
Attack Vector: exploitation of quote tool vulnerabilitiesunauthorized access
Vulnerability Exploited: Vulnerabilities in online quote tools
Motivation: financial gainfraud (unemployment claims)
Common Attack Types: The most common types of attacks the company has faced is Breach.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Fraudulent employment using stolen identity and Vulnerabilities in quote tools.
Data Compromised: Driver’s license numbers, Social security numbers, Payment card numbers, Financial account numbers
Brand Reputation Impact: Potential reputational damage due to insider breach and identity theft
Identity Theft Risk: High (SSNs, financial data exposed)
Payment Information Risk: High (payment card numbers exposed)
Financial Loss: $14.2 million (settlements from 8 companies); $20.79 million total from 10 insurers
Data Compromised: Driver’s license numbers
Systems Affected: online quote tools
Brand Reputation Impact: High (due to fraudulent use of stolen data and regulatory action)
Legal Liabilities: $14.2 million in settlements (8 companies); $20.79 million total (10 insurers)
Identity Theft Risk: High (driver’s license numbers used for fraudulent unemployment claims)
Average Financial Loss: The average financial loss per incident is $7.10 million.
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information (Pii), Financial Data, , Driver’S License Numbers and .
Entity Name: United Financial Casualty Company
Entity Type: Insurance Company
Industry: Insurance
Location: USA (Maine residents affected)
Customers Affected: 14 (Maine residents)
Entity Name: Progressive Northwestern Insurance Company
Entity Type: Insurance Company
Industry: Insurance
Location: USA (Maine residents affected)
Customers Affected: 14 (Maine residents)
Entity Type: auto insurance companies
Industry: insurance
Location: New York State, USA
Customers Affected: 825,000+ residents
Incident Response Plan Activated: Likely (given public disclosure and remediation offers)
Third Party Assistance: Kroll (for credit monitoring and identity theft restoration)
Remediation Measures: Offering 2 years of free credit monitoringProviding identity theft restoration services via Kroll
Communication Strategy: Public disclosure via Maine Office of the Attorney General
Law Enforcement Notified: Yes (New York State Attorney General’s office investigation)
Incident Response Plan: The company's incident response plan is described as Likely (given public disclosure and remediation offers).
Third-Party Assistance: The company involves third-party assistance in incident response through Kroll (for credit monitoring and identity theft restoration).
Type of Data Compromised: Personally identifiable information (pii), Financial data
Number of Records Exposed: 14 (Maine residents)
Sensitivity of Data: High (SSNs, financial account numbers, driver’s license numbers)
Data Exfiltration: Likely (employee had access to data)
Personally Identifiable Information: Social Security numbersDriver’s license numbersPayment card numbersFinancial account numbers
Type of Data Compromised: Driver’s license numbers
Number of Records Exposed: 825,000+
Sensitivity of Data: High (personally identifiable information)
Data Exfiltration: Yes
Personally Identifiable Information: Yes (driver’s license numbers)
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Offering 2 years of free credit monitoring, Providing identity theft restoration services via Kroll, .
Regulatory Notifications: Maine Office of the Attorney General
Regulations Violated: New York State data protection laws (implied),
Fines Imposed: $14.2 million (8 companies); $20.79 million total (10 insurers)
Legal Actions: Settlements secured by New York State Attorney General
Regulatory Notifications: Yes (public disclosure by Attorney General’s office)
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Settlements secured by New York State Attorney General.
Source: Maine Office of the Attorney General
Date Accessed: 2024-06-07
Source: New York State Attorney General Press Release
Date Accessed: 2023-11-07
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney GeneralDate Accessed: 2024-06-07, and Source: New York State Attorney General Press ReleaseDate Accessed: 2023-11-07.
Investigation Status: Disclosed (ongoing or completed not specified)
Investigation Status: Completed (settlements reached)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public disclosure via Maine Office of the Attorney General.
Customer Advisories: Offer of 2 years free credit monitoring and identity theft restoration via Kroll
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Offer of 2 years free credit monitoring and identity theft restoration via Kroll.
Entry Point: Fraudulent employment using stolen identity
High Value Targets: Customer PII and financial data
Data Sold on Dark Web: Customer PII and financial data
Entry Point: Vulnerabilities in quote tools
High Value Targets: Driver’S License Numbers,
Data Sold on Dark Web: Driver’S License Numbers,
Root Causes: Insufficient Identity Verification During Hiring, Lack Of Monitoring For Insider Threats,
Root Causes: Inadequate Security Measures In Online Quote Tools,
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Kroll (for credit monitoring and identity theft restoration).
Last Attacking Group: The attacking group in the last incident was an Malicious Insider (Employee using stolen identity).
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-11-07T00:00:00Z.
Highest Financial Loss: The highest financial loss from an incident was $14.2 million (settlements from 8 companies); $20.79 million total from 10 insurers.
Most Significant Data Compromised: The most significant data compromised in an incident were Driver’s license numbers, Social Security numbers, Payment card numbers, Financial account numbers, , driver’s license numbers and .
Most Significant System Affected: The most significant system affected in an incident was online quote tools.
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Kroll (for credit monitoring and identity theft restoration).
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were driver’s license numbers, Social Security numbers, Driver’s license numbers, Payment card numbers and Financial account numbers.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 825.0K.
Highest Fine Imposed: The highest fine imposed for a regulatory violation was $14.2 million (8 companies); $20.79 million total (10 insurers).
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Settlements secured by New York State Attorney General.
Most Recent Source: The most recent source of information about an incident are Maine Office of the Attorney General and New York State Attorney General Press Release.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Disclosed (ongoing or completed not specified).
Most Recent Customer Advisory: The most recent customer advisory issued was an Offer of 2 years free credit monitoring and identity theft restoration via Kroll.
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Fraudulent employment using stolen identity and Vulnerabilities in quote tools.
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Insufficient identity verification during hiringLack of monitoring for insider threats, Inadequate security measures in online quote tools.
.png)
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
Azure Entra ID Elevation of Privilege Vulnerability
Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes. This issue has been fixed in version 0.10.0.
Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManager fails to sanitize the filenames of uploaded backups. The system persists user-uploaded files directly to the host filesystem using the raw originalname provided in the request. This allows an attacker to stage a file containing shell metacharacters (e.g., $(id).tar.gz) at a predictable path, which is later referenced during the restore process. The successful storage of the file is what allows the subsequent restore command to reference and execute it. This issue has been fixed in version 4.7.0.
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid