DHCA Data Breach Exposes Personal Information of Over 36,000 Individuals
On October 17, 2025, Daniel H. Cook Associates, Inc. (DHCA), a benefits administration firm serving labor organizations, detected a network disruption that prompted a cybersecurity investigation. By January 12, 2026, the probe confirmed unauthorized access to sensitive data, potentially exposing the personal information of 36,663 individuals.
Affected data may include names and Social Security numbers. DHCA began notifying impacted individuals via mail on January 16, 2026. Legal representatives are now investigating the incident to determine whether a class action lawsuit can be filed on behalf of those affected, citing potential harm such as privacy violations, financial losses, and time spent mitigating the breach.
DHCA specializes in self-funded benefits administration, primarily working with labor unions and their members. The breach highlights ongoing risks in third-party data handling, particularly in sectors managing sensitive personal and financial information. No further details on the attack vector or responsible parties have been disclosed.
Source: https://www.classaction.org/data-breach-lawsuits/daniel-h-cook-associates-january-2026
Daniel H. Cook Associates cybersecurity rating report: https://www.rankiteo.com/company/dhcook
"id": "DHC1768856471",
"linkid": "dhcook",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '36,663 individuals',
'industry': 'Labor Organizations / Benefits '
'Administration',
'name': 'Daniel H. Cook Associates, Inc. (DHCA)',
'type': 'Benefits Administration Firm'}],
'customer_advisories': 'Notified impacted individuals via mail on January 16, '
'2026',
'data_breach': {'number_of_records_exposed': '36,663',
'personally_identifiable_information': 'Names, Social '
'Security numbers',
'sensitivity_of_data': 'High (Social Security numbers)',
'type_of_data_compromised': 'Personal Information'},
'date_detected': '2025-10-17',
'date_publicly_disclosed': '2026-01-16',
'description': 'On October 17, 2025, Daniel H. Cook Associates, Inc. (DHCA), '
'a benefits administration firm serving labor organizations, '
'detected a network disruption that prompted a cybersecurity '
'investigation. By January 12, 2026, the probe confirmed '
'unauthorized access to sensitive data, potentially exposing '
'the personal information of 36,663 individuals. Affected data '
'may include names and Social Security numbers. DHCA began '
'notifying impacted individuals via mail on January 16, 2026. '
'Legal representatives are now investigating the incident to '
'determine whether a class action lawsuit can be filed on '
'behalf of those affected, citing potential harm such as '
'privacy violations, financial losses, and time spent '
'mitigating the breach.',
'impact': {'brand_reputation_impact': 'Potential harm such as privacy '
'violations and financial losses',
'data_compromised': 'Personal information including names and '
'Social Security numbers',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential class action lawsuit'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Highlights ongoing risks in third-party data handling, '
'particularly in sectors managing sensitive personal and '
'financial information',
'references': [{'source': 'Cyber Incident Description'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit'},
'response': {'communication_strategy': 'Notified impacted individuals via '
'mail'},
'title': 'DHCA Data Breach Exposes Personal Information of Over 36,000 '
'Individuals',
'type': 'Data Breach'}