FCCI Insurance Group 2026 Data Breach

FCCI Insurance Group 2026 Data Breach

Financial Services / Commercial Property & Casualty Insurance / B2B via independent agencies / United States (20 states + DC)

FCCI Insurance Group 2026 Data Breach

Sarasota-based commercial property-and-casualty and workers' compensation insurer serving businesses through independent agents in 20 states.

Confirmed · ObscureIQ Intelligence
Breach Risk Index i
88/100
Lower riskHigher risk
High and current: recent, valuable data circulating on the dark web now.
Data Sensitivity i
Elevated
Exposed data raises the risk of fraud, targeting, and impersonation. Proactive steps are warranted.
118k rowsRecords
2026Year

The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.

Crucial data exposed
SSNSocial Security Number
Classification Tags
RedactRansomware / ExtortionFinancial ServicesInsurancePolicyholders/Employees2026

Breach Summary

On or about June 28, 2026, FCCI Insurance Group was compromised in a Redact ransomware and extortion intrusion that began with voice-phishing (vishing) and session-hijacking to bypass multi-factor authentication. Roughly 118,000 records are in circulation through the actor's leak channel. Reporting indicates names and Social Security numbers among the exposed data; the company did not enumerate the full field set.

Full threat analysis, exploitation vectors, and principal guidance below.

10 additional sections · verified field analysis · defensive doctrine

Querying breach corpus…
Cross-referencing exposed field types…
Resolving threat-actor attribution…
Compiling principal risk advisory…

118k rows records analyzed

About FCCI Insurance Group

FCCI Insurance Group is a Sarasota, Florida commercial property-and-casualty insurer founded in 1959 as a workers' compensation self-insurance fund for local employers. It now writes commercial auto, general liability, property, umbrella, workers' compensation and surety bonds with related risk-control services, distributed exclusively through independent agencies across 20 states and Washington, D.C. The carrier holds roughly $2.8 billion in assets and about $1 billion in direct written premium and is rated A (Excellent) by A.M. Best.

Why They Hold Your Data

As a workers'-compensation and commercial-lines carrier, FCCI holds policyholder and claimant records that routinely include names, Social Security numbers, and injury, employment and claims information, alongside agent and insured-business data. This is high-sensitivity identity and financial information gathered in the ordinary course of underwriting and claims administration.

Recent Developments

FCCI disclosed the incident in mid-2026 and continues to operate as an A-rated regional carrier, notifying affected individuals following the intrusion.

Data Points Exposed

2 verified field types
Full Name
Social Security Number Critical

Breach Impact

A workers'-compensation carrier breach exposes claimants and insured employees who never dealt with the attacker directly, creating notification and regulatory obligations across FCCI's 20-state footprint and potential litigation. Because Social Security numbers are implicated, affected individuals face elevated identity-theft exposure that typically drives credit-monitoring offers and state attorney-general reporting.

Principal Risk Advisory

What this means for a principal

A financial-institution breach: account, wealth or payment data supports direct fraud and highly credible financial-impersonation scams. For a high-profile principal the main risk is credible impersonation and enrichment of existing exposure.

What You Should Do

  1. Freeze credit at all three bureaus and monitor for new-account and tax-refund fraud.
  2. Do not use unofficial 'am I affected' lookups; several are themselves harvesting operations.

How ObscureIQ Can Help

  1. Corpus confirmation: determine whether and where the principal (plus household and staff) appear in this dataset and which specific fields are exposed for them.
  2. Exposure mapping: cross-reference the exposed identifiers against broker-available data to size and prioritize the principal's wider footprint.
  3. ThreatWatch tuned to this incident's identifiers and misuse pattern (impersonation and targeting patterns, not generic credential monitoring).
R
Threat Actor: RedactConfidence: Low
Unattributed handle

Motivation: Unknown
A handle/label appearing as a claimed breach source. No substantive public threat-intelligence reporting was confirmed; treat as unverified pending corroboration.

Read the full threat-actor profile →

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation