Meehan experienced a data breach where an unauthorized third party accessed an employee email account between July 2 and July 8, 2024, potentially compromising sensitive personal and protected health information. The exposed data includes names, Social Security numbers, driver’s license/state ID numbers, passport numbers, financial account details, payment card information, dates of birth, and medical records. The breach was discovered on July 8, 2024, but public notification was delayed until November 19, 2025, when Meehan posted a breach notice and began mailing notifications to affected individuals. Impacted parties were offered complimentary credit monitoring services as a remedial measure. The incident highlights vulnerabilities in securing employee email accounts containing highly sensitive customer and employee data, raising concerns over prolonged exposure risks and regulatory compliance failures.
Source: https://straussborrelli.com/2025/11/24/meehan-insurance-data-breach-investigation/
Meehan Incorporated cybersecurity rating report: https://www.rankiteo.com/company/meehan-incorporated
"id": "MEE1005710112525",
"linkid": "meehan-incorporated",
"type": "Breach",
"date": "7/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'name': 'Meehan', 'type': 'Organization'}],
'attack_vector': 'Compromised Employee Email Account',
'customer_advisories': ['Breach notification letters mailed to impacted '
'individuals',
'Complimentary credit monitoring services offered'],
'data_breach': {'data_exfiltration': 'Potential (unauthorized access '
'confirmed, but exfiltration not '
'explicitly stated)',
'file_types_exposed': ['Email account data'],
'personally_identifiable_information': ['Name',
'Social Security '
'number',
'Driver’s license or '
'state ID number',
'Passport number',
'Date of birth'],
'sensitivity_of_data': 'High (includes SSNs, financial, and '
'medical data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2024-07-08',
'date_publicly_disclosed': '2025-11-19',
'description': 'Meehan announced a data breach where sensitive personal '
'identifiable information (PII) and protected health '
'information (PHI) in an employee email account may have been '
'accessed by an unauthorized third party between July 2 and '
'July 8, 2024. The breach was discovered on July 8, 2024, and '
'the company launched an investigation to determine the scope '
'and impact. Affected individuals were notified via mail and '
'offered complimentary credit monitoring services. The exposed '
'data includes names, Social Security numbers, driver’s '
'license/state ID numbers, passport numbers, financial account '
'information, payment card information, dates of birth, and '
'medical information.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive PII/PHI',
'data_compromised': ['Name',
'Social Security number',
'Driver’s license or state ID number',
'Passport number',
'Financial account information',
'Payment card information',
'Date of birth',
'Medical information'],
'identity_theft_risk': 'High (due to exposure of SSNs, financial, '
'and medical data)',
'payment_information_risk': 'High (payment card and financial '
'account information exposed)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account',
'high_value_targets': ['PII and PHI data']},
'investigation_status': 'Completed (review of impacted data and '
'identification of affected individuals conducted)',
'references': [{'source': 'Meehan Breach Notice Website'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine residents '
'notified (implied '
'compliance with state '
'breach laws)']},
'response': {'communication_strategy': ['Public breach notice on website '
'(2025-11-19)',
'Mailed notification letters to '
'impacted individuals'],
'incident_response_plan_activated': True,
'recovery_measures': ['Credit monitoring services offered to '
'affected individuals'],
'remediation_measures': ['Review of compromised data',
'Identification of affected '
'individuals']},
'threat_actor': 'Unauthorized Third Party',
'title': 'Meehan Data Breach Involving Sensitive Personal and Protected '
'Health Information',
'type': 'Data Breach'}