Insurance Office of America Data Breach

On June 30, 2025, Insurance Office of America (“IOA”) discovered a cybersecurity incident involving unauthorized access to certain internal systems. According to the notice, IOA determined that an unauthorized third party accessed its network as the result of a phishing email attack. The investigation further revealed that between June 25, 2025 and June 30, 2025, certain data stored on IOA’s systems may have been accessed or acquired without authorization.

Upon discovering the incident, IOA immediately launched a comprehensive investigation with the assistance of external cybersecurity experts. Due to the nature and complexity of the files involved, IOA conducted a detailed, time‑intensive review of the affected data to determine whether personal information was present. IOA also notified certain customers and obtained required approvals prior to issuing individual notices.

Insurance Office of America provides insurance‑related services to a wide range of organizations, including insurance carriers, health plans, and employers. In the course of providing these services, IOA receives, processes, and maintains personally identifiable information (“PII”) and, in some cases, protected health information (“PHI”) related to insurance policies, claims processing, and benefits programs.

As part of its response, IOA took immediate steps to contain the incident, confirm the security of its network environment, and implement additional safeguards designed to prevent similar incidents in the future. While IOA stated that it is not currently aware of identity theft or fraud associated with the incident, the company is offering complimentary identity protection services to affected individuals.

IOA is providing 24 months of free credit monitoring and identity protection services through Epiq – Privacy Solutions ID. These services include credit monitoring with alerts, Social Security number monitoring, dark web monitoring, change‑of‑address monitoring, identity restoration services, lost wallet assistance, and up to $1 million in identity theft insurance.

What information is involved in the Insurance Office of America Data Breach?

Compromised information may include:

Your Personally Identifiable Information (PII) includes sensitive data that can uniquely identify you. When compromised, this information may be used by cybercriminals to commit identity theft, insurance fraud, medical identity theft, or other forms of misconduct. Protected Health Information (PHI) includes medical and insurance‑related details that are protected under federal and state privacy laws. Exposure of PHI may increase the risk of long‑term misuse of personal data.

IOA encourages affected individuals to take proactive protective measures, including enrolling in the complimentary identity protection services, reviewing financial and insurance statements for suspicious activity, and monitoring credit reports. Individuals may also consider placing fraud alerts or credit freezes with the major credit reporting agencies (Experian, Equifax, TransUnion, and Innovis) to reduce the risk of unauthorized activity.

Affected individuals are advised to remain vigilant for signs of fraud or identity theft and to report any suspicious activity to financial institutions, credit bureaus, law enforcement, or the Federal Trade Commission (FTC).

California residents benefit from enhanced privacy protections under the California Consumer Privacy Act (CCPA), which provides additional rights regarding personal data. Other states also provide privacy and consumer‑protection rights that may apply depending on residency.

If you received a NOTICE OF DATA BREACH letter from Insurance Office of America, your personal and/or health information may be at risk. Cybercriminals frequently exploit sensitive personal and insurance data to obtain unauthorized services, submit fraudulent claims, or engage in identity‑related fraud.

Contact the Data Breach Lawyers at Emery | Reddy, PC for a Free Case Review today.