Daniel H. Cook Associates Data Breach

On January 16, 2026, Daniel H. Cook Associates, Inc. (“DHCA”) notified affected individuals of a data security incident involving unauthorized access to its network. According to the notice, DHCA discovered unusual network activity on October 17, 2025, and immediately launched an investigation with the assistance of external cybersecurity experts. Following a comprehensive review, DHCA determined that certain files may have been accessed and/or acquired without authorization.

As a result of this investigation, DHCA confirmed that personal information belonging to certain individuals was present within the potentially affected data. While DHCA stated that it is not currently aware of any misuse of the information, affected individuals were formally notified in accordance with applicable data breach notification laws.

Daniel H. Cook Associates is a Third-Party Administrator (TPA) headquartered in New York, which processes claims and provides other services in the employee benefits field. They serve a clientele of over 75 organizations and more than 100,00 individual members.

Upon learning of the incident, the company took steps to secure its systems, implement additional safeguards, and reduce the risk of similar incidents occurring in the future.

As part of its response, DHCA has notified law enforcement, enhanced internal security protocols, and arranged for complimentary identity protection services to be provided to affected individuals. DHCA is offering 12 months of credit monitoring and identity theft protection through Epiq – Privacy Solutions ID, including single‑bureau credit monitoring with alerts, Social Security number and dark web monitoring, identity restoration services, lost wallet assistance, and $1 million in identity theft insurance. In addition, DHCA has established a toll‑free support center to assist individuals with questions related to the incident.

What information is involved in the Daniel H. Cook Associates, Inc. Data Breach?

Compromised information may include:

Your Personally Identifiable Information (PII) includes sensitive data that can uniquely identify you. If compromised, it may be used by criminals to commit identity theft, financial fraud, or other forms of impersonation. Protected Health Information (PHI) — a subset of PII — includes medical and insurance‑related details and is protected under federal and state privacy laws. When PHI is exposed, cybercriminals may combine it with other personal data to perpetrate more extensive fraud schemes.

DHCA encourages affected individuals to take proactive steps to protect themselves, including enrolling in the complimentary identity protection services, closely monitoring financial accounts, and reviewing credit reports for suspicious activity. Individuals may also wish to place fraud alerts or security freezes with the major credit bureaus (Experian, Equifax, and TransUnion) to reduce the risk of unauthorized activity.

Affected individuals are also advised to remain vigilant for incidents of fraud or identity theft and to promptly report any suspicious activity to financial institutions, credit reporting agencies, and law enforcement.

California residents benefit from additional privacy protections under the California Consumer Privacy Act (CCPA), which provides enhanced rights related to personal data. California also enforces the Confidentiality of Medical Information Act (CMIA), which imposes strict safeguards for medical information.

If you received a NOTICE OF DATA BREACH letter from Daniel H. Cook Associates, your personal information may be at risk. Identity thieves frequently use exposed Social Security numbers and identifying information to open fraudulent accounts, file false tax returns, or obtain unauthorized financial benefits.

Contact the Data Breach Lawyers at Emery | Reddy, PC for a Free Case Review today.