Your data security at Estrella Insurance

At Estrella Insurance, protecting your personal information is a core responsibility — not just a policy, but a commitment backed by action and investment. We want you to understand exactly how we safeguard your data and what we have done to strengthen our security posture.

For over 40 years, millions of customers across the United States have trusted Estrella Insurance with their most important coverage decisions. That trust carries a responsibility we take seriously every single day.

Our security measures

We employ multiple layers of security to protect the personal information you share with us:

Encryption

All data transmitted between your browser and our systems is protected using industry-standard encryption protocols. Your personal information is encrypted both in transit and at rest, ensuring it remains protected at every stage.

Endpoint detection and response (EDR)

We have deployed advanced endpoint detection and response tools across our entire technology environment. These tools continuously monitor all systems for suspicious activity, providing real-time threat detection and automated response capabilities to neutralize potential threats before they can cause harm.

24/7 Security Operations Center (SOC) monitoring

Our systems are monitored around the clock by a dedicated Security Operations Center. This team provides continuous surveillance of our network and infrastructure, enabling rapid identification and response to any security events at any time of day or night.

Multi-factor authentication (MFA)

We require multi-factor authentication for all employee access to systems containing customer data. This adds an essential second layer of verification beyond passwords, significantly reducing the risk of unauthorized access even if credentials are compromised.

Employee cybersecurity training

Every Estrella Insurance employee participates in mandatory cybersecurity awareness training. This program covers phishing recognition, secure data handling practices, password hygiene, and incident reporting procedures. Training is conducted regularly and updated to address emerging threats.

Regular security assessments

We engage independent third-party security firms to conduct regular assessments of our infrastructure, including penetration testing and vulnerability scanning. These assessments help us identify and address potential weaknesses before they can be exploited.

Our response to the January 2025 security incident

On January 22, 2025, Estrella Insurance detected unauthorized access to certain systems through a ransomware attack. We took immediate action:

  • Contained the threat by isolating affected systems and resetting all credentials
  • Restored operations from secure backup data
  • Engaged experts including outside forensic cybersecurity specialists and legal counsel
  • Notified law enforcement to support the investigation
  • Identified affected individuals and sent notification letters beginning March 3, 2025
  • Provided support including complimentary credit monitoring services for all affected individuals

Our investigation determined that certain personal information may have been accessed during the incident. We took responsibility, communicated transparently with those affected, and moved swiftly to resolve the matter.

What we changed

The January 2025 incident prompted a comprehensive review and overhaul of our security infrastructure. The security measures described on this page — including our EDR deployment, 24/7 SOC monitoring, MFA rollout, enhanced encryption, and employee training programs — represent direct investments made in the wake of this incident. We are committed to continuously improving our security practices to protect the customers who trust us with their information.

How we protect your information

What we collect

We collect only the personal information necessary to provide you with accurate insurance quotes and manage your policies. This may include your name, contact details, driver’s license number, vehicle information, and other details relevant to your coverage needs.

How we store it

Your information is stored in encrypted databases with strict access controls. Only authorized employees who need access to perform their job responsibilities can view your data.

How long we keep it

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law and regulatory requirements applicable to the insurance industry.

Your rights

You have the right to access, correct, or request deletion of your personal information. For details on exercising these rights, please visit our Privacy Policy or contact us directly.

Frequently asked questions

Was Estrella Insurance hacked?

In January 2025, Estrella Insurance detected unauthorized access to certain systems through a ransomware attack. We responded immediately by resetting all credentials, restoring data from secure backups, engaging forensic cybersecurity experts, and notifying law enforcement. Since then, we have made significant investments in our security infrastructure including deploying endpoint detection and response (EDR) tools, implementing 24/7 SOC monitoring, rolling out multi-factor authentication across all systems, upgrading our encryption protocols, and conducting mandatory security training for all employees.

Is my data safe with Estrella Insurance?

Yes. Estrella Insurance has implemented comprehensive security measures to protect your personal information. These include end-to-end encryption for all data transmission and storage, multi-factor authentication for all system access, endpoint detection and response (EDR) tools that continuously monitor for threats, a 24/7 Security Operations Center (SOC) providing real-time monitoring and incident response, and regular third-party security assessments. We are committed to maintaining the highest standards of data protection.

What happened in the Estrella Insurance data breach?

On January 22, 2025, Estrella Insurance detected a ransomware attack on certain systems. We immediately took action to contain the incident, including resetting passwords, restoring files from backup data, and engaging outside forensic and legal experts. Our investigation determined that certain personal information may have been accessed. We notified all affected individuals in March 2025 and provided complimentary credit monitoring services. Since the incident, we have substantially upgraded our security infrastructure to prevent future occurrences.

What is Estrella Insurance doing to protect customer information?

Following the January 2025 incident, Estrella Insurance made significant security investments including: deploying advanced endpoint detection and response (EDR) tools across all systems, establishing 24/7 Security Operations Center (SOC) monitoring, implementing multi-factor authentication for all employee and customer access points, upgrading encryption protocols to current industry standards, and launching mandatory cybersecurity training programs for all employees. We continue to work with independent security experts to assess and strengthen our defenses.

How do I know if I was affected by the security incident?

Estrella Insurance sent notification letters to all individuals whose information may have been affected by the January 2025 incident. These letters were mailed beginning March 3, 2025. If you received a notification letter, your information may have been involved. If you did not receive a letter, your information was not identified as being affected. If you have any concerns, you can contact our security team at security@estrellainsurance.com or call 305-443-2829.

What should I do if I think my information was compromised?

If you believe your information may have been affected, we recommend the following steps: enroll in the complimentary credit monitoring services provided in your notification letter, review your bank and credit card statements regularly for any unauthorized activity, consider placing a fraud alert or credit freeze with the three major credit bureaus (Equifax, Experian, and TransUnion), and contact our security team at security@estrellainsurance.com for assistance. You can also report suspected identity theft to the Federal Trade Commission at identitytheft.gov.

Contact our security team

If you have questions or concerns about the security of your personal information, our dedicated security team is here to help.

Chat with your agent
An error has occurred. This application may no longer respond until reloaded. Reload 🗙