Insurance Office of America 2025 Data Breach
ObscureIQ Breach Intelligence
High SeverityWebsite / service breach
Insurance Office of America Brokerage Breach (2025): 144K Client SSN & Contact Records Exposed
Insurance brokerage and risk management services firm.
Verified by ObscureIQ Intelligence
69/100Breach Risk Index
25Data Value
40Market Recency
214dSince Breach
Breach Intelligence Summary
Entity: Insurance Office of America · Actor: Daixin Team · Sources: 2 references
Attack: Unknown
Profile: Financial institution · Insurance brokerage services · Risk and insurance advisory firm · USA
Timeline: Breach (2025-09-15) · Indexed (Sep 25, 2025) · Year (2025)
Exposure: 144K records · 4 fields: Email Address, Full Name, Phone Number, Social Security Number
Status: Reported
Executive Summary
Insurance Office of America, one of the largest privately held independent U.S. insurance brokerages, suffered a cybersecurity incident between June 25 and June 30, 2025. The company identified the unauthorized access on June 30 and engaged external cybersecurity specialists to investigate. The Daixin Team, a ransomware and extortion group active since 2022, claimed responsibility on a dark-web leak site on July 2, 2025, asserting it had obtained more than 100,000 internal documents.\n\nThe breach was formally disclosed to multiple state attorneys general beginning January 16, 2026, more than six months after the original intrusion. Have I Been Pwned and other breach-tracking services index approximately 144,000 records, while IOA's internal estimates initially put the affected population at around 12,900 individuals. Compromised fields include names, email addresses, phone numbers, and Social Security numbers. As an insurance brokerage handling commercial and individual client policies, IOA's records also include employer relationships and policy details, although those broader categories were not specifically named in the public disclosure.\n\nFor affected individuals, the practical risk is concentrated in identity-fraud and insurance-themed phishing scenarios. The combination of name, phone number, and Social Security number is a strong base for fraudulent credit applications, tax-return fraud, and identity-verification bypass. Insurance-specific scams referencing real coverage, policy numbers, or employer benefits programs are a particular concern given the brokerage context. Affected individuals should accept the credit monitoring offered by IOA, freeze credit at all three U.S. bureaus, monitor financial accounts closely, and remain alert to unsolicited messages purporting to come from IOA, current or former employers' benefits programs, or insurance carriers.
ObscureIQ assessment: High risk of identity theft, insurance fraud, claims impersonation, and financially themed phishing. Brokerage data can also reveal corporate insurance relationships and personal risk profiles.
Breach Impact
Direct institutional cost to IOA is mounting. The company faces multistate attorney-general filings, a class-action litigation pipeline, and the operational burden of customer notification six months after the underlying intrusion. The lengthy gap between incident discovery and public notification has drawn critical commentary, particularly because the Daixin Team had publicly claimed the attack within days. IOA has engaged outside cybersecurity counsel and is offering credit monitoring services to those notified. The reputational impact in the brokerage market is meaningful, since clients who rely on insurance advisors expect those advisors to safeguard sensitive policy and identity records. The Daixin Team has previously targeted healthcare-sector organizations such as Acadian Ambulance and Communicare.
About Insurance Office of America
Insurance Office of America (IOA) is one of the largest privately held independent insurance brokerage and risk-management firms in the United States. Founded in 1988 and headquartered in Longwood, Florida, the company provides insurance placement and advisory services to commercial and personal clients, including risk assessment, claims advocacy, and employee benefits programs. Operating offices in dozens of locations nationwide, IOA serves a wide spectrum of clients ranging from small businesses to large enterprises and high-net-worth individuals. As an insurance broker, the firm collects identity, employer, financial, claims, and beneficiary records as part of routine policy placement and administration workflows.
Why They Hold Your Data
Insurance brokerages collect identity, policy, claims, contact, financial, and employer-linked records across advisory, placement, and client-service workflows.
Recent Developments
IOA discovered the breach on June 30, 2025 and engaged external cybersecurity experts to investigate and contain the intrusion. The company filed formal breach disclosures with multiple state attorneys general including those of California, Maine, Massachusetts, New Hampshire, and Texas in mid-January 2026, roughly six and a half months after the original incident, and began written notifications to affected individuals on the same date. The Daixin Team, a ransomware and extortion group active since 2022, claimed responsibility on the dark web on July 2, 2025. U.S. plaintiff law firms began organizing class-action investigations following the January 2026 disclosures. IOA is offering free credit monitoring to affected individuals.
Data Points Exposed
4 verified field types
Email Address
Full Name High
Phone Number
Social Security Number Critical
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:Critical
Primary downstream threats:
- Identity theft and synthetic identity construction using government-issued IDs
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
Threat vectors:
- Phishing, credential stuffing & account takeover
- Name-based social engineering
- SIM swapping, vishing & SMS phishing
- Full identity theft & synthetic identity fraud
Threat Actor: Daixin Team
Daixin Team
Unknown
Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.
Recommended Actions
If you believe your information may be included:
Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the Insurance Office of America breach?▾
Insurance Office of America, one of the largest privately held independent U.S. insurance brokerages, suffered a cybersecurity incident between June 25 and June 30, 2025. The company identified the unauthorized access on June 30 and engaged external cybersecurity specialists to investigate. The…
What data was exposed?▾
Verified fields include Email Address, Full Name, Phone Number, Social Security Number.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation