NBOA Data Breach Exposes PII of 3,580 Individuals in U.S. Ransomware Attack
The National Boat Owners Association (NBOA), a marine insurance provider, suffered a data breach between mid-May and early June 2025 after cybercriminals compromised one of its managed service providers. The attack, attributed to the INC Ransomware group, was detected on June 6, 2025, though the group later claimed responsibility on the dark web on July 22, 2025.
The breach exposed personally identifiable information (PII) of 3,580 individuals, including 154 Massachusetts residents and 15 Maine residents. Compromised data included full names, addresses, driver’s licenses, Social Security numbers, insurance details, and policy numbers.
NBOA notified affected consumers on January 21, 2026, and disclosed the incident to state authorities, including the Maine and Vermont Attorneys General and the Massachusetts Office of Consumer Affairs and Business Regulation, between January 21–22, 2026.
In response, NBOA terminated its relationship with the compromised service provider, engaged a forensic firm to investigate, and strengthened its cybersecurity measures. The company is offering 24 months of complimentary Experian IdentityWorks to impacted individuals, covering identity monitoring, credit monitoring, identity restoration support, and $1 million in identity theft insurance.
Source: https://www.claimdepot.com/data-breach/national-boat-owners-association-2026
Managed Care Systems, Inc. cybersecurity rating report: https://www.rankiteo.com/company/managed-care-systems-inc-
"id": "MAN1769110344",
"linkid": "managed-care-systems-inc-",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '3580',
'industry': 'Insurance',
'location': 'United States',
'name': 'National Boat Owners Association (NBOA)',
'type': 'Marine insurance provider'}],
'attack_vector': 'Compromised managed service provider',
'customer_advisories': '24 months of complimentary Experian IdentityWorks '
'(identity monitoring, credit monitoring, identity '
'restoration support, and $1 million in identity theft '
'insurance)',
'data_breach': {'number_of_records_exposed': '3580',
'personally_identifiable_information': ['Full names',
'Addresses',
'Driver’s licenses',
'Social Security '
'numbers',
'Insurance details',
'Policy numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally identifiable '
'information (PII)'},
'date_detected': '2025-06-06',
'date_publicly_disclosed': '2025-07-22',
'description': 'The National Boat Owners Association (NBOA), a marine '
'insurance provider, suffered a data breach between mid-May '
'and early June 2025 after cybercriminals compromised one of '
'its managed service providers. The attack, attributed to the '
'INC Ransomware group, exposed personally identifiable '
'information (PII) of 3,580 individuals, including full names, '
'addresses, driver’s licenses, Social Security numbers, '
'insurance details, and policy numbers.',
'impact': {'data_compromised': 'Personally identifiable information (PII)',
'identity_theft_risk': 'High'},
'initial_access_broker': {'entry_point': 'Managed service provider'},
'investigation_status': 'Ongoing (forensic investigation)',
'ransomware': {'ransomware_strain': 'INC Ransomware'},
'references': [{'source': 'State disclosures (Maine, Vermont, '
'Massachusetts)'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
'General',
'Vermont Attorney '
'General',
'Massachusetts Office '
'of Consumer Affairs '
'and Business '
'Regulation']},
'response': {'communication_strategy': 'Notified affected consumers and state '
'authorities',
'containment_measures': 'Terminated relationship with '
'compromised service provider',
'remediation_measures': 'Strengthened cybersecurity measures',
'third_party_assistance': 'Forensic firm'},
'threat_actor': 'INC Ransomware group',
'title': 'NBOA Data Breach Exposes PII of 3,580 Individuals in U.S. '
'Ransomware Attack',
'type': 'Ransomware'}