Progressive Auto Group Data Breach Exposes SSNs and Financial Information

Progressive Auto Group, a family-owned auto dealership group based in Massillon, Ohio, recently experienced a data breach involving the personal information of at least one New Hampshire resident.

The breach was carried out by the Nitrogen ransomware group, who claimed responsibility for stealing sensitive data from the company’s network. The group posted about the attack on a dark web site on July 15, 2025, claiming to have obtained not only client data but also driver and vehicle documents.

According to a disclosure filed with the New Hampshire Attorney General on Jan. 27, 2026, the unauthorized access occurred on June 20, 2025, when cybercriminals infiltrated Progressive Auto Group’s network and exfiltrated files containing customer information.

The types of information exposed in this incident include personally identifiable information (PII) such as Social Security numbers, debit or payment card numbers, driver’s licenses or state identification numbers, financial account numbers, names, and passport numbers.

The total number of affected individuals has not yet been disclosed, but at least one New Hampshire resident’s data was compromised.

Progressive Auto Group's response

Upon discovering the unauthorized activity, Progressive Auto Group secured its network and launched an internal investigation, as well as a third-party cybersecurity firm to assist in identifying the scope of the breach and the data involved.

For any affected individuals, the company mailed a notification letter and is offering a complimentary one-year membership to Epiq’s Privacy ID Solutions, which provides credit monitoring and identity protection services.

Given the nature of the breach and the types of data exposed, individuals who believe they may be affected should take the following steps:

• Monitor account statements and credit reports for any unauthorized activity
• Consider placing a fraud alert or security freeze on credit files with the major credit bureaus
• Take advantage of the complimentary credit monitoring service if offered
• Report any suspicious activity to financial institutions and law enforcement

A dedicated, toll-free call center has also been established to assist individuals seeking more information about the incident. Additional information on identity theft prevention, fraud alerts, and security freezes is provided in the company’s consumer notice.