Beacon Mutual Insurance Hit by Ransomware Attack, Hacker Group INC Claims Responsibility
Beacon Mutual Insurance Company, Rhode Island’s leading provider of workers’ compensation insurance and the state’s designated "insurer of last resort," confirmed a ransomware attack on January 14. The Warwick-based company disclosed the incident on January 25 after its appearance on public ransomware tracking sites prompted inquiries.
According to Michelle N. Pelletier, Beacon’s assistant vice president of marketing and communications, the attack did not encrypt the company’s production environment, allowing normal operations to resume by January 20. However, select systems were proactively disconnected to contain the threat, and a forensic investigation conducted with external experts is ongoing to assess potential data exposure. Affected individuals will be notified if their personal information was compromised.
The hacker group INC Ransom claimed responsibility for the breach, posting on its dark web leak site that it exfiltrated 275 GB of sensitive data, including internal documents, financial reports, employee and claimant personal information (such as Social Security numbers), client databases, and system backups. Cybersecurity researcher Connor Goodwolf confirmed the ransom page remains active, though it lacks a countdown timer for public data release.
INC Ransom, which operates as a ransomware-as-a-service (RaaS) group, has targeted high-profile victims in 2025, including the Pennsylvania Attorney General’s office and Stark Aerospace, a U.S. Department of Defense contractor. The group employs double extortion, encrypting files while also stealing data to pressure victims into paying ransoms. A November 2025 report from cybersecurity firm Blackpoint Cyber noted INC’s rapid growth, with 300 claimed victims in 2025 nearly double its 2024 total attributed to its adaptive tactics, including partial encryption and multithreading for faster attacks.
Beacon Mutual, a mutual insurance company owned by its policyholders, plays a critical role in Rhode Island’s workers’ compensation system. Established in 1990 as the State Compensation Insurance Fund to stabilize the market after private insurers withdrew, it rebranded as Beacon in 1992 and later expanded into Massachusetts and Connecticut. The state spent over $23 million on Beacon’s services in fiscal year 2025, per Rhode Island’s transparency portal.
While law enforcement has been notified, details of the attack remain limited as the investigation continues. A Washington, D.C.-based law firm, Mason LLP, has begun exploring a class action lawsuit on behalf of potential breach victims.
Source: https://rhodeislandcurrent.com/2026/02/05/beacon-mutual-hit-by-ransomware-attack/
The Beacon Mutual Insurance Company cybersecurity rating report: https://www.rankiteo.com/company/beacon-mutual-insurance
"id": "BEA1770359867",
"linkid": "beacon-mutual-insurance",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Workers’ Compensation Insurance',
'location': 'Warwick, Rhode Island, USA',
'name': 'Beacon Mutual Insurance Company',
'type': 'Insurance Company'}],
'customer_advisories': 'Affected individuals will be notified if personal '
'information was compromised',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (Social Security numbers, '
'personal information)',
'type_of_data_compromised': ['Internal documents',
'Financial reports',
'Employee personal information',
'Claimant personal information',
'Client databases',
'System backups']},
'date_detected': '2025-01-14',
'date_publicly_disclosed': '2025-01-25',
'date_resolved': '2025-01-20',
'description': 'Beacon Mutual Insurance Company, Rhode Island’s leading '
'provider of workers’ compensation insurance, confirmed a '
'ransomware attack on January 14. The hacker group INC Ransom '
'claimed responsibility, exfiltrating 275 GB of sensitive data '
'including internal documents, financial reports, employee and '
'claimant personal information, client databases, and system '
'backups.',
'impact': {'data_compromised': '275 GB of sensitive data',
'identity_theft_risk': 'High (Social Security numbers exposed)',
'legal_liabilities': 'Potential class action lawsuit',
'operational_impact': 'Normal operations resumed by January 20',
'systems_affected': 'Select systems (proactively disconnected)'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain (double extortion)',
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'INC Ransom'},
'references': [{'source': 'Beacon Mutual Insurance Company'},
{'source': 'INC Ransom dark web leak site'},
{'source': 'Cybersecurity researcher Connor Goodwolf'},
{'source': 'Blackpoint Cyber report (November 2025)'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit '
'(Mason LLP)'},
'response': {'communication_strategy': 'Public disclosure on January 25',
'containment_measures': 'Proactively disconnected select systems',
'law_enforcement_notified': True,
'recovery_measures': 'Normal operations resumed by January 20',
'third_party_assistance': 'External forensic experts'},
'threat_actor': 'INC Ransom',
'title': 'Beacon Mutual Insurance Hit by Ransomware Attack',
'type': 'Ransomware'}