In March 2025, Goosehead Insurance Agency suffered a **ransomware attack** by the **CHAOS group**, which encrypted company files and exfiltrated **300 GB of sensitive data** between **March 6–13, 2025**. The breach exposed **personally identifiable information (PII)** of customers, including **names, Social Security numbers, driver’s license/state ID numbers, and financial account details**. The stolen data was later posted on the dark web by the attackers. Goosehead notified affected individuals in **October 2025**, confirming at least **five Maine residents** were impacted. The incident poses severe risks of **identity theft, financial fraud, and long-term reputational damage**, with legal investigations underway for potential compensation claims by affected parties.
Source: https://www.claimdepot.com/investigations/goosehead-insurance-data-breach-2025
TPRM report: https://www.rankiteo.com/company/goosehead-insurance
{
  "id": "goo2803128101425",
  "linkid": "goosehead-insurance",
  "type": "Ransomware",
  "date": "3/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': 'Unknown total; at least 5 '
                                              'confirmed in Maine',
                        'industry': 'Insurance',
                        'location': 'Westlake, Texas, USA',
                        'name': 'Goosehead Insurance Agency, LLC',
                        'size': 'National (serves all 50 states, 2,000+ '
                                'licensed agents)',
                        'type': 'Insurance Agency'}],
 'customer_advisories': 'Guidance provided on credit monitoring, fraud alerts, '
                        'and identity theft prevention',
 'data_breach': {'data_encryption': 'Yes (files on systems, servers, and '
                                    'workstations encrypted)',
                 'data_exfiltration': 'Yes (300 GB of data exfiltrated)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (includes SSNs, driver’s license '
                                        'numbers, financial account '
                                        'information)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial Data']},
 'date_detected': '2025-03-13',
 'date_publicly_disclosed': '2025-03-31',
 'description': 'Goosehead Insurance Agency, LLC experienced a ransomware '
                'attack in March 2025, where an unauthorized actor accessed '
                'and encrypted systems, exfiltrating approximately 300 GB of '
                'sensitive data, including personally identifiable information '
                '(PII) such as names, Social Security numbers, driver’s '
                'license numbers, state identification numbers, and financial '
                'account information. The ransomware group CHAOS claimed '
                'responsibility and leaked the data on the dark web. Affected '
                'individuals were notified in October 2025, and the breach was '
                'reported to regulatory authorities, including the Maine '
                'Attorney General’s office.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposure of sensitive customer data '
                                       'and dark web leak',
            'data_compromised': ['Names',
                                 'Social Security numbers',
                                 'Driver’s license numbers',
                                 'State identification numbers',
                                 'Financial account information'],
            'identity_theft_risk': 'High (PII exposed)',
            'legal_liabilities': 'Potential lawsuits and compensation claims '
                                 'from affected individuals',
            'operational_impact': 'Systems encrypted; sensitive data '
                                  'exfiltrated (300 GB)',
            'payment_information_risk': 'High (financial account information '
                                        'exposed)',
            'systems_affected': ['Servers', 'Workstations', 'Company files']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (300 GB of data '
                                                    'leaked by CHAOS on '
                                                    '2025-03-31)',
                           'high_value_targets': 'Customer PII and financial '
                                                 'data',
                           'reconnaissance_period': '2025-03-06 to 2025-03-13 '
                                                    '(period of unauthorized '
                                                    'access)'},
 'investigation_status': 'Ongoing (law firms investigating potential claims; '
                         'internal investigation completed by Goosehead)',
 'motivation': 'Financial gain (ransomware extortion)',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransomware_strain': 'CHAOS'},
 'recommendations': ['Monitor credit reports (Equifax, Experian, TransUnion)',
                     'Place fraud alerts or credit freezes',
                     'Monitor bank/credit card statements for suspicious '
                     'activity',
                     'Report identity theft to law enforcement and state '
                     'Attorney General'],
 'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
                {'source': 'Maine Attorney General’s Office Breach Report'}],
 'regulatory_compliance': {'legal_actions': 'Potential class-action lawsuits '
                                            '(under investigation by Shamis & '
                                            'Gentile P.A.)',
                           'regulatory_notifications': 'Maine Attorney '
                                                       'General’s office (5 '
                                                       'Maine residents '
                                                       'affected)'},
 'response': {'communication_strategy': 'Written notices sent to affected '
                                        'individuals on 2025-10-10; guidance '
                                        'provided on credit monitoring and '
                                        'fraud prevention',
              'incident_response_plan_activated': 'Yes (internal investigation '
                                                  'conducted)'},
 'stakeholder_advisories': 'Written notices sent to affected individuals '
                           '(2025-10-10)',
 'threat_actor': 'CHAOS (ransomware group)',
 'title': 'Goosehead Insurance Agency Data Breach and Ransomware Attack (March '
          '2025)',
 'type': ['Data Breach', 'Ransomware Attack']}