NASCBF Data Breach Exposes Sensitive Personal and Health Information
On December 10, 2025, the North Atlantic States Carpenters Benefit Funds (NASCBF), a provider of employer-paid health and welfare benefits, disclosed a cybersecurity incident involving unauthorized access to its network. The breach potentially compromised a wide range of sensitive data belonging to an undisclosed number of individuals.
The exposed information includes personally identifiable information (PII) and protected health information (PHI), such as:
- Social Security numbers
- Dates of birth
- Financial account or payment card details (including access codes)
- Login credentials
- Tax information
- Military identification numbers
- Medical treatment, history, or diagnosis records
- Health insurance details
- Biometric data
- Driver’s licenses, state-issued IDs, passport numbers, and license plate numbers
The incident is currently under investigation by Lynch Carpenter, LLP, a national class action law firm, which is reviewing potential legal claims against NASCBF. The firm has previously represented clients in data privacy cases and is soliciting affected individuals for case evaluations.
NASCBF has not yet released details on the scope of the breach, the method of intrusion, or the exact number of individuals impacted. Further updates may follow as the investigation progresses.
North Atlantic States Carpenters Benefit Funds cybersecurity rating report: https://www.rankiteo.com/company/north-atlantic-states-carpenters-benefit-funds
"id": "NOR1765397234",
"linkid": "north-atlantic-states-carpenters-benefit-funds",
"type": "Breach",
"date": "12/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Health and Welfare Benefits',
'location': 'Pittsburgh, PA',
'name': 'North Atlantic States Carpenters Benefit '
'Funds (NASCBF)',
'type': 'Benefits Provider'}],
'customer_advisories': 'Individuals impacted may be entitled to compensation; '
'advised to contact Lynch Carpenter, LLP.',
'data_breach': {'personally_identifiable_information': ['Social Security '
'number',
'date of birth',
'financial account or '
'payment card '
'information with '
'access code',
'login credentials',
'tax information',
'military '
'identification '
'number',
'medical treatment, '
'history, or '
'diagnosis '
'information',
'health insurance '
'information',
'biometric '
'information',
'driver’s license or '
'state-issued '
'identification '
'number',
'passport number',
'license plate '
'number'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2025-12-10',
'description': 'North Atlantic States Carpenters Benefit Funds (NASCBF) '
'announced a cybersecurity incident where an unauthorized '
'person gained access to NASCBF’s network and may have '
'acquired records containing personally identifiable '
'information (PII) and protected health information (PHI).',
'impact': {'data_compromised': 'Personally identifiable information (PII) and '
'protected health information (PHI)',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing (Lynch Carpenter, LLP investigation)',
'references': [{'date_accessed': '2025-12-10', 'source': 'Globe Newswire'},
{'date_accessed': '2025-12-10',
'source': 'Lynch Carpenter, LLP',
'url': 'www.lynchcarpenter.com'},
{'date_accessed': '2025-12-10',
'source': 'NASCBF Health Fund',
'url': 'https://www.carpentersfund.org/health-fund/'}],
'regulatory_compliance': {'legal_actions': 'Class action investigation by '
'Lynch Carpenter, LLP'},
'response': {'communication_strategy': 'Public disclosure via press release '
'and legal investigation announcement'},
'title': 'NASCBF Cybersecurity Incident and Data Breach',
'type': 'Data Breach'}