Shondeck Financial Services & Insurance

Shondeck Financial Services & Insurance, a Colorado-based independent insurance and financial advisory firm, suffered a data breach after detecting unusual activity in one of its internal email accounts on April 3, 2025. An unauthorized actor compromised the account, potentially exposing sensitive personally identifiable information (PII) of several thousand customers, including:

- Full names, addresses, dates of birth, Social Security numbers, and driver’s license numbers
- Insurance policy details, medical information, claim records, and payment data

The breach was confirmed after a forensic investigation, with notifications sent to affected individuals by September 8, 2025, and disclosed to the Montana Attorney General’s office later that month. While no evidence of misuse has been reported, the exposure of such high-risk data (e.g., SSNs, medical records, financial details) poses significant risks of identity theft, fraud, and long-term financial harm. The company offered free Kroll identity monitoring services to mitigate risks, but the incident underscores severe lapses in email security and data protection protocols.

Source: https://www.claimdepot.com/investigations/shondeck-financial-services-insurance-data-breach-2025

TPRM report: https://www.rankiteo.com/company/shondeck-financial-services-&-insurance-inc.

"id": "sho1793417092925",
"linkid": "shondeck-financial-services-&-insurance-inc.",
"type": "Breach",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Several thousand (exact number '
                                              'not disclosed)',
                        'industry': 'Insurance and Financial Services',
                        'location': 'Gunnison County, Colorado, USA (Western '
                                    'Slope region)',
                        'name': 'Shondeck Financial Services & Insurance',
                        'type': 'Independent Insurance and Financial Advisory '
                                'Agency'}],
 'attack_vector': 'Compromised Email Account',
 'customer_advisories': ['Enroll in Kroll identity monitoring',
                         'Monitor accounts for fraud',
                         'Consider fraud alerts and credit freezes',
                         'Seek legal assistance for compensation claims'],
 'data_breach': {'data_exfiltration': 'Likely (data accessed by unauthorized '
                                      'actor)',
                 'number_of_records_exposed': 'Several thousand (exact number '
                                              'not disclosed)',
                 'personally_identifiable_information': ['Name',
                                                         'Address',
                                                         'Date of birth',
                                                         'Social Security '
                                                         'number',
                                                         "Driver's license "
                                                         'number'],
                 'sensitivity_of_data': "High (includes SSNs, driver's license "
                                        'numbers, medical, and payment '
                                        'information)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial Information',
                                              'Health Information',
                                              'Insurance Policy Details']},
 'date_detected': '2025-04-03',
 'date_publicly_disclosed': '2025-09-08',
 'description': 'Shondeck Financial Services & Insurance, an independent '
                'insurance and financial advisory agency based in Colorado, '
                'discovered unusual activity in one of its internal email '
                'accounts on April 3, 2025. An investigation confirmed that an '
                'unauthorized actor compromised the email account, potentially '
                'exposing sensitive personally identifiable information (PII) '
                'of several thousand customers. The breach was disclosed to '
                'affected individuals by September 8, 2025, and reported to '
                "the Montana Attorney General's office on September 24, 2025. "
                'Exposed data may include names, addresses, dates of birth, '
                "Social Security numbers, driver's license numbers, insurance "
                'policy details, medical information, claim information, and '
                'payment information. While no evidence of misuse has been '
                'reported, affected individuals are at risk of identity theft '
                'and fraud.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposure of sensitive customer data',
            'data_compromised': ['Name',
                                 'Address',
                                 'Date of birth',
                                 'Social Security number',
                                 "Driver's license number",
                                 'Insurance policy details',
                                 'Medical information',
                                 'Specific claim information',
                                 'Payment information'],
            'identity_theft_risk': 'High (due to exposure of PII including '
                                   "SSNs and driver's license numbers)",
            'legal_liabilities': 'Potential lawsuits and compensation claims '
                                 'for affected individuals',
            'payment_information_risk': 'High (payment information exposed)',
            'systems_affected': ['Email Account']},
 'initial_access_broker': {'entry_point': 'Compromised email account',
                           'high_value_targets': ['Customer PII',
                                                  'Insurance policy details',
                                                  'Payment information']},
 'investigation_status': 'Ongoing (as of 2025-09-24, with legal investigation '
                         'by Shamis & Gentile P.A.)',
 'post_incident_analysis': {'corrective_actions': ['Provided identity '
                                                   'monitoring services to '
                                                   'affected individuals',
                                                   'Notified regulatory '
                                                   'authorities']},
 'recommendations': ['Enroll in free Kroll identity monitoring services',
                     'Monitor financial statements for suspicious activity',
                     'Place a fraud alert on credit reports',
                     'Request free annual credit reports from major bureaus',
                     'Seek legal counsel for potential compensation claims'],
 'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
                {'source': 'Shondeck Financial Services & Insurance Data '
                           'Breach Notification'}],
 'regulatory_compliance': {'legal_actions': 'Potential lawsuits for '
                                            'compensation (investigation '
                                            'ongoing by Shamis & Gentile P.A.)',
                           'regulatory_notifications': ['Montana Attorney '
                                                        "General's office "
                                                        '(notified on '
                                                        '2025-09-24)']},
 'response': {'communication_strategy': ['Direct mail notifications to '
                                         'affected individuals',
                                         'Disclosure to Montana Attorney '
                                         "General's office"],
              'incident_response_plan_activated': 'Yes (investigation '
                                                  'initiated upon discovery of '
                                                  'unusual activity)',
              'remediation_measures': ['Notification of affected individuals '
                                       'via mail',
                                       'Provision of free Kroll identity '
                                       'monitoring services'],
              'third_party_assistance': 'Kroll (identity monitoring services '
                                        'provided to affected individuals)'},
 'stakeholder_advisories': ['Notification letters mailed to affected '
                            'individuals',
                            "Disclosure to Montana Attorney General's office"],
 'threat_actor': 'Unauthorized Actor',
 'title': 'Shondeck Financial Services & Insurance Data Breach',
 'type': 'Data Breach'}