Insurance Office of America (IOA) has disclosed a security breach affecting over 12,000 individuals, including sensitive personal data. The breach was linked to a phishing attack that compromised internal systems and exposed private information processed for insurance services.
Insurance Office of America’s Data Breach Investigation
Insurance Office of America (“IOA”), a provider of insurance-related services to carriers, health plans, and employers, recently confirmed a significant data breach impacting 12,913 individuals. The incident stemmed from a phishing email attack that allowed unauthorized access to IOA’s internal systems between June 25 and June 30, 2025. During this time, certain files containing personally identifiable and potentially protected health information were accessed or acquired.
IOA first became aware of the breach on June 30, 2025, and immediately launched an investigation with the help of cybersecurity experts. Their analysis revealed that the compromised systems housed sensitive information used in insurance policy management, claims processing, and employee benefit programs. Although the breach affected just 15 Maine residents, over 12,000 individuals nationwide may have been impacted.
Due to the complexity and nature of the data, IOA undertook a time-consuming forensic review in collaboration with both internal teams and external specialists. Moreover, before alerting affected individuals, IOA was required to notify and obtain approval from its clients—health plans, carriers, and employers—delaying individual notifications until early January 2026.
Despite the sensitive nature of the compromised information, IOA stated that they have not seen evidence of identity theft or fraud related to the breach. Nonetheless, to reassure consumers and mitigate risks, they are offering two years of free credit monitoring services through Epiq.
This incident underlines the broader vulnerability of third-party service providers in the insurance and healthcare industries. IOA’s situation reinforces the need for stronger cybersecurity protocols, especially given their responsibility for safeguarding sensitive data on behalf of multiple organizations. For individuals affected, it’s critical to remain vigilant, as their personal data may have been left exposed by a lapse beyond their control.
When Did This Breach Occur?
The breach occurred between June 25, 2025, and June 30, 2025, and was discovered by IOA on January 11, 2026.
What Information Was Breached?
The information potentially exposed in this breach includes:
-
Full name
-
Personal identifier (not specified, but likely includes items such as Social Security number, health plan ID, or insurance information)
-
Possibly protected health information (based on the nature of IOA’s services)
What You Can Do
If you received a notice from IOA or suspect your data may have been included, take these immediate steps:
-
Enroll in the free 24-month credit monitoring service provided by Epiq to watch for suspicious activity.
-
Place a fraud alert on your credit reports by contacting one of the three major credit bureaus (Experian, Equifax, TransUnion).
-
Consider freezing your credit to prevent new accounts from being opened in your name.
-
Review your insurance and health records for unusual activity or unauthorized claims.
-
Stay alert for phishing emails or scams attempting to exploit your compromised information.
If you were impacted, Class Action U can help you determine your legal options. Many people don’t realize they have a right to join a class action lawsuit and potentially recover compensation. Don’t leave money on the table—get connected today.
File a Data Breach Lawsuit Against Insurance Office of America
If you received a data breach notification from Insurance Office of America, you may be entitled to compensation for damages, time spent protecting your identity, or losses related to this incident. Companies that handle sensitive information are legally required to implement robust cybersecurity measures—and when they fail, they should be held accountable.
Whether you’ve already suffered harm or simply want to ensure this doesn’t happen again, taking legal action sends a clear message: consumer data protection matters.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
