IOA Reports Data Breach Affecting Sensitive Personal Information
On June 30, 2025, IOA detected a security incident impacting its internal systems, prompting an immediate investigation. The company later confirmed that an unauthorized third party may have accessed or acquired sensitive personal data between June 25 and June 30, 2025.
The exposed information includes names and Social Security numbers, though the exact details vary by individual. Following a thorough review, IOA began notifying affected individuals on January 16, 2026, via mailed breach notification letters. The notices outline the specific data compromised and offer 24 months of complimentary credit monitoring services to impacted parties.
IOA filed the breach disclosure with the Attorney General of New Hampshire, where the incident was first reported. The full notification is available through the provided documentation.
Source: https://straussborrelli.com/2026/01/21/insurance-office-of-america-data-breach-investigation/
International Ombuds Association cybersecurity rating report: https://www.rankiteo.com/company/international-ombuds-association
"id": "INT1769038013",
"linkid": "international-ombuds-association",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'name': 'IOA',
'type': 'Company'}],
'customer_advisories': '24 months of complimentary credit monitoring services '
'offered to affected individuals',
'data_breach': {'personally_identifiable_information': 'Names, Social '
'Security numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal Identifiable '
'Information (PII)'},
'date_detected': '2025-06-30',
'date_publicly_disclosed': '2026-01-16',
'description': 'IOA detected a security incident impacting its internal '
'systems, where an unauthorized third party may have accessed '
'or acquired sensitive personal data between June 25 and June '
'30, 2025. The exposed information includes names and Social '
'Security numbers, with variations by individual. Affected '
'individuals were notified on January 16, 2026, and offered 24 '
'months of complimentary credit monitoring services.',
'impact': {'data_compromised': 'Names, Social Security numbers',
'identity_theft_risk': 'High',
'systems_affected': 'Internal systems'},
'investigation_status': 'Completed',
'references': [{'source': 'Attorney General of New Hampshire'}],
'regulatory_compliance': {'regulatory_notifications': 'Filed breach '
'disclosure with the '
'Attorney General of '
'New Hampshire'},
'response': {'communication_strategy': 'Mailed breach notification letters to '
'affected individuals'},
'threat_actor': 'Unauthorized third party',
'title': 'IOA Data Breach Affecting Sensitive Personal Information',
'type': 'Data Breach'}