The Automobile Club of Southern California Data Breach

The Automobile Club of Southern California (“ACSC”) recently disclosed a third-party vendor cybersecurity incident that may have exposed sensitive member information. According to ACSC, one of its software vendors, DanubeNet, Inc. d/b/a Driving School Solutions (“DSS”), experienced unauthorized access to systems containing certain member records. The potentially exposed information reportedly included names and driver’s permit or license numbers. Affected individuals are being offered complimentary identity protection services through Epiq.

Automobile Club of Southern California’s Data Breach Investigation

According to the notification letter issued by ACSC, the organization learned on December 22, 2025, that one of its third-party vendors, Driving School Solutions (“DSS”), experienced a cybersecurity incident affecting its systems. DSS is described as a software provider that offers management software solutions for driving schools.

The incident reportedly involved unauthorized access to records stored within DSS systems between July 10, 2025, and August 19, 2025. After becoming aware of the incident, ACSC launched its own investigation to determine whether any information connected to ACSC members may have been involved.

According to ACSC, the investigation determined on January 16, 2026, that files containing information belonging to ACSC members were potentially impacted by the DSS incident. The organization then conducted a review of the affected files and, on February 20, 2026, identified records containing member names and driver’s permit or license numbers.

Although the organization stated that it has no evidence of misuse of the exposed information, driver’s license numbers and identification information can still create privacy and fraud-related concerns. Cybercriminals may potentially use exposed identification data in phishing schemes, identity theft attempts, fraudulent account activity, or social engineering scams.

Third-party vendor incidents have become increasingly common because organizations often rely on outside technology providers to store and process sensitive information. Even when an organization’s own systems are not directly breached, customers and members may still face risks if a vendor suffers unauthorized access to sensitive data.

In response to the incident, ACSC stated that it worked closely with DSS to understand how the breach occurred and review the additional security measures DSS implemented following the attack. ACSC also arranged for affected individuals to receive complimentary identity monitoring and credit protection services through Epiq.

When Did This Breach Occur?

The unauthorized access to DSS systems reportedly occurred between July 10, 2025, and August 19, 2025.

ACSC became aware of the incident on December 22, 2025, and determined on January 16, 2026, that ACSC member information may have been involved. The organization identified affected records on February 20, 2026.

What Information Was Breached?

According to ACSC, the potentially exposed information may have included:

• Names
• Driver’s permit numbers
• Driver’s license numbers

The organization stated that these records were identified within files potentially involved in the DSS cybersecurity incident.

What You Can Do

If you received a notice from the Automobile Club of Southern California regarding this incident, there are several important steps you can take to help protect your information:

• Enroll in the complimentary 12-month identity protection and credit monitoring services offered through Epiq Privacy Solutions ID.
• Monitor your credit reports and financial accounts regularly for suspicious activity.
• Review driver’s license records and notifications for unauthorized changes or misuse.
• Consider placing a fraud alert or security freeze with Equifax, Experian, and TransUnion.
• Obtain free annual credit reports through AnnualCreditReport.com.
• Be cautious of phishing emails, calls, or text messages requesting sensitive personal information.
• Promptly report suspicious activity to financial institutions, credit bureaus, or law enforcement authorities.

The complimentary Epiq services reportedly include:

• 1-Bureau credit monitoring
• Credit report and score access
• Social Security number monitoring
• Dark web monitoring
• Identity restoration services
• Up to $1 million in identity theft insurance coverage

ACSC also encouraged affected individuals to carefully review the enrollment instructions provided in the notification letter.

File a Data Breach Lawsuit Against Automobile Club of Southern California

Individuals affected by the Automobile Club of Southern California data breach may have legal rights and could qualify to pursue compensation related to the exposure of their sensitive personal information. Data breach lawsuits may seek compensation for privacy violations, identity theft risks, out-of-pocket expenses, time spent addressing fraud concerns, and other damages associated with unauthorized disclosure of personal information.

Organizations that share sensitive member data with third-party vendors are expected to implement reasonable safeguards and vendor oversight practices to help protect that information from unauthorized access. When those protections fail, affected individuals may face ongoing privacy and security concerns.

Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.