Goosehead Insurance Agency, LLC

Goosehead Insurance Agency experienced a data breach after cybercriminals infiltrated its inadequately secured network, accessing and acquiring files containing highly sensitive personal information of tens of thousands of individuals. The exposed data included names, Social Security numbers, financial account details, payment card information, medical records, health insurance data, driver’s license numbers, and government-issued IDs. The breach poses severe risks, as the stolen information could be sold on the dark web or used for identity theft, financial fraud, or targeted scams. A law firm (Murphy Law Firm) is investigating potential class-action lawsuits on behalf of affected individuals, indicating significant legal and reputational repercussions for Goosehead. The incident underscores critical vulnerabilities in the company’s cybersecurity defenses, leading to widespread exposure of personally identifiable information (PII) and protected health information (PHI).

Source: https://www.globenewswire.com/news-release/2025/10/17/3168416/0/en/Goosehead-Insurance-Data-Breach-Exposes-Personal-Information-Murphy-Law-Firm-Investigates-Legal-Claims.html

TPRM report: https://www.rankiteo.com/company/goosehead-insurance

"id": "goo1362113101725",
"linkid": "goosehead-insurance",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Tens of thousands of '
                                              'individuals',
                        'industry': 'Insurance',
                        'name': 'Goosehead Insurance Agency, LLC',
                        'type': 'Insurance Agency'}],
 'customer_advisories': 'Notification sent to affected individuals; legal '
                        'options provided via Murphy Law Firm',
 'data_breach': {'data_exfiltration': 'Likely (data accessed and/or acquired '
                                      'by cybercriminals)',
                 'number_of_records_exposed': 'Tens of thousands',
                 'personally_identifiable_information': 'Yes (names, SSNs, '
                                                        'driver’s license '
                                                        'numbers, '
                                                        'government-issued '
                                                        'IDs)',
                 'sensitivity_of_data': 'High (includes SSNs, financial, '
                                        'medical, and government ID data)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial Data',
                                              'Health Data',
                                              'Government ID Data']},
 'date_publicly_disclosed': '2025-10-16',
 'description': "Goosehead Insurance Agency, LLC ('Goosehead') experienced a "
                'security incident where cybercriminals infiltrated its '
                'inadequately secured network and gained access to files '
                'containing sensitive personal information of tens of '
                'thousands of individuals. The exposed data includes names, '
                'Social Security numbers, financial account information, '
                'payment card information, medical information, health '
                'insurance information, driver’s license numbers, and '
                'government-issued ID numbers. The compromised data may be '
                'sold on the dark web or used for identity theft.',
 'impact': {'brand_reputation_impact': 'Potential (due to class action lawsuit '
                                       'and data exposure)',
            'data_compromised': ['Names',
                                 'Social Security numbers',
                                 'Financial account information',
                                 'Payment card information',
                                 'Medical information',
                                 'Health insurance information',
                                 'Driver’s License numbers',
                                 'Government-issued ID numbers'],
            'identity_theft_risk': 'High (due to exposure of PII and sensitive '
                                   'data)',
            'legal_liabilities': 'Potential (class action lawsuit being '
                                 'evaluated by Murphy Law Firm)',
            'payment_information_risk': 'High (payment card and financial '
                                        'account information exposed)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Potential (risk '
                                                    'highlighted in '
                                                    'disclosure)'},
 'investigation_status': 'Forensic investigation completed; legal evaluation '
                         'ongoing (class action lawsuit)',
 'post_incident_analysis': {'root_causes': 'Inadequately secured network'},
 'references': [{'date_accessed': '2025-10-16',
                 'source': 'GLOBE NEWSWIRE - Murphy Law Firm Press Release'}],
 'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit '
                                            '(under evaluation by Murphy Law '
                                            'Firm)'},
 'response': {'communication_strategy': 'Public disclosure via press release; '
                                        'notification to affected individuals',
              'incident_response_plan_activated': 'Yes (forensic investigation '
                                                  'conducted)'},
 'threat_actor': 'Cybercriminals',
 'title': 'Goosehead Insurance Agency Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Inadequately secured network'}