Diversified Benefit Services Insurance Marketing and Inc.: Data Breach at Diversified Benefit Services Insurance Marketing Exposes SSNs

Diversified Benefit Services Insurance Marketing (DBS) Discloses Data Breach Exposing PHI and PII

On August 7, 2025, Diversified Benefit Services Insurance Marketing, Inc. (DBS) detected unauthorized activity in its email environment, leading to a data breach that compromised protected health information (PHI) and personally identifiable information (PII). The incident was formally disclosed in a notice filed with the California Attorney General on January 21, 2026.

An investigation, conducted with external cybersecurity experts, confirmed that an unauthorized actor accessed DBS’ email system and potentially downloaded emails and files containing sensitive data. Exposed information includes names, Social Security numbers, medical records, treatment details, health insurance information, and policy numbers. While the breach was contained to the email environment, the ability to exfiltrate data heightens the risk of identity theft and fraud for affected individuals.

DBS did not disclose the exact number of impacted individuals in its public filing.

In response, the company secured its systems, conducted a thorough review to identify affected parties, and began sending notification letters. To mitigate risks, DBS is offering complimentary credit monitoring and identity protection services through Cyberscout (a TransUnion company) for 12 months, including:

• Single-bureau credit monitoring
• Credit reports and scores
• Proactive fraud assistance
• Identity protection support

Affected individuals must enroll within 90 days of receiving their notification letter to access these services. Additional details and support are available via Cyberscout at 1-800-405-6108 (Monday–Friday, 5 a.m.–5 p.m. PT).

Source: https://www.claimdepot.com/data-breach/diversified-benefit-services-2026

Diversified Benefit Services, Inc. cybersecurity rating report: https://www.rankiteo.com/company/diversified-benefit-services-inc.

"id": "DIV1769207825",
"linkid": "diversified-benefit-services-inc.",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Insurance',
                        'name': 'Diversified Benefit Services Insurance '
                                'Marketing, Inc. (DBS)',
                        'type': 'Company'}],
 'attack_vector': 'Email Environment',
 'customer_advisories': 'Offering complimentary credit monitoring and identity '
                        'protection services through Cyberscout (a TransUnion '
                        'company) for 12 months, including single-bureau '
                        'credit monitoring, credit reports and scores, '
                        'proactive fraud assistance, and identity protection '
                        'support. Affected individuals must enroll within 90 '
                        'days of receiving their notification letter.',
 'data_breach': {'data_exfiltration': 'Potential download of emails and files',
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'numbers',
                                                         'Medical records',
                                                         'Treatment details',
                                                         'Health insurance '
                                                         'information',
                                                         'Policy numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Protected Health Information '
                                              '(PHI)',
                                              'Personally Identifiable '
                                              'Information (PII)']},
 'date_detected': '2025-08-07',
 'date_publicly_disclosed': '2026-01-21',
 'description': 'Diversified Benefit Services Insurance Marketing, Inc. (DBS) '
                'detected unauthorized activity in its email environment, '
                'leading to a data breach that compromised protected health '
                'information (PHI) and personally identifiable information '
                '(PII). An unauthorized actor accessed DBS’ email system and '
                'potentially downloaded emails and files containing sensitive '
                'data, including names, Social Security numbers, medical '
                'records, treatment details, health insurance information, and '
                'policy numbers.',
 'impact': {'data_compromised': 'Protected Health Information (PHI) and '
                                'Personally Identifiable Information (PII)',
            'identity_theft_risk': 'High',
            'systems_affected': 'Email environment'},
 'investigation_status': 'Completed',
 'references': [{'source': 'California Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Attorney '
                                                        'General']},
 'response': {'communication_strategy': 'Notification letters to affected '
                                        'individuals',
              'containment_measures': 'Secured systems',
              'remediation_measures': 'Review to identify affected parties, '
                                      'sent notification letters',
              'third_party_assistance': 'External cybersecurity experts'},
 'title': 'Diversified Benefit Services Insurance Marketing (DBS) Discloses '
          'Data Breach Exposing PHI and PII',
 'type': 'Data Breach'}