On or about February 4, 2026, Tower Administrative Services, Inc (“Tower”) became aware of suspicious activity involving its computer systems. According to the Notice of Data Breach, Tower promptly took steps to secure its network, initiated an internal investigation, and engaged third-party forensic specialists to determine what occurred.
Following the initial investigation, Tower confirmed that certain information may have been impacted as a result of unauthorized access occurring on or around February 3, 2026. The forensic review determined that files within Tower’s systems were subject to unauthorized access or acquisition. Because of the complexity and volume of data involved, it was not until May 20, 2026, that Tower completed its review, identified the individuals whose information may have been affected, and determined there was sufficient information to issue direct notification letters.
After identifying the affected data, Tower worked to resecure its network environment and strengthen its overall security posture. The company reported that it implemented additional technical safeguards and took further measures designed to reduce the risk of similar incidents in the future.
Tower Administrative Services, Inc. (TAS) administers payment of insurance premiums and provides customer service for bi-weekly mortgage acceleration programs.
Tower also stated that, at the time of notification, there was no evidence to suggest that any information had been misused. However, the investigation confirmed that unauthorized access to certain data may have occurred.
Individuals whose information may have been involved began receiving written notification letters in or around May 2026. If you received a Notice of Data Breach from Tower Administrative Services, it confirms that your personal information may have been impacted by this security incident.
As part of its response, Tower is offering affected individuals complimentary credit monitoring and identity protection services through Identity Force, a TransUnion company, for a specified duration, provided individuals enroll within the deadline outlined in their notification letter.
What information is involved in the Blue Fish Data Breach?
Compromised information may include:
First Name
Last Name
Date of Birth
Other Personally Identifiable Information (PII)
The specific data elements involved vary by individual and are detailed in each notification letter sent by Tower Administrative Services.
Your Personally Identifiable Information (PII) includes information that can be used to identify you, such as your name and other personal details. Organizations that maintain sensitive data are legally required to safeguard this information. When PII is exposed in a data breach, it can potentially be used by cybercriminals to commit identity theft, financial fraud, or other forms of misuse.
If your information was involved in this incident, it is important to remain vigilant. Impacted individuals are encouraged to carefully review financial account activity, credit reports, and any correspondence for suspicious or unfamiliar activity. Tower also advises reviewing the guidance provided with the notification letter, including steps related to credit monitoring, fraud alerts, credit freezes, and identity restoration services.
Consumers may have legal rights when companies fail to adequately safeguard sensitive personal data. These rights vary by state and may depend on the nature of the information exposed and the circumstances surrounding the breach.
If you received a Notice of Data Event / Notice of Data Breach related to the Tower Administrative Services, Inc incident, your personal information may be at risk.
Contact the Data Breach Attorneys at Emery | Reddy today for a Free Case Review.