United States based insurance company State Farm has begun to send out email notifications to users whose online account login credentials were discovered by an attacker during a credential stuffing attack. Credential stuffing attacks are when attackers compile usernames and passwords that were leaked from different company’s data breaches and use those credentials to try and gain access to accounts at other sites. This type of attack works particularly well against users who use the same password at every site. The 2019 State of the Internet report by Akamai states 28 billion credential stuffing attempts were detected in the second half of 2018.
Source: https://www.bleepingcomputer.com/news/security/state-farm-accounts-compromised-in-credential-stuffing-attack/