The DiMarco Group, a New York-based construction and real estate development company, suffered a data breach exposing personally identifiable information (PII) of employees and contractors across its subsidiaries. The compromised data includes names, Social Security numbers, addresses, contact details, driver’s license numbers, health insurance information, and financial account details, though the exact number of affected individuals remains undisclosed. The breach was formally reported to the Massachusetts Attorney General on October 27, 2025, with notifications sent to impacted individuals via mail. In response, the company is offering 24 months of free credit monitoring (TransUnion Cyberscout) and established a dedicated call center for inquiries. The incident highlights significant risks to employee and contractor data integrity, with potential long-term consequences for identity theft, financial fraud, and reputational harm to the organization.
Source: https://www.claimdepot.com/data-breach/the-dimarco-group-2025
TPRM report: https://www.rankiteo.com/company/the-dimarco-group
"id": "the3094530102725",
"linkid": "the-dimarco-group",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Construction and Real Estate Development',
'location': 'New York, USA',
'name': 'The DiMarco Group',
'type': 'Private Company'}],
'customer_advisories': 'Affected individuals advised to monitor credit and '
'utilize provided credit monitoring services',
'data_breach': {'data_exfiltration': 'Likely (data was compromised and '
'potentially accessed by unauthorized '
'parties)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (includes SSNs, financial, and '
'health-related information)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Names',
'Social Security numbers',
'Addresses',
'Contact information',
"Driver's license numbers",
'Health insurance information',
'Financial account information']},
'date_publicly_disclosed': '2025-10-27',
'description': 'The DiMarco Group, a construction and real estate development '
'company based in New York, experienced a data breach '
'compromising personally identifiable information (PII). The '
'breach may have exposed names, Social Security numbers, '
"addresses, contact information, driver's license numbers, "
'health insurance information, and financial account '
'information of employees and contractors across multiple '
'DiMarco Group companies. The total number of affected '
'individuals and the full scope of sensitive data exposed have '
'not been publicly disclosed. The company disclosed the breach '
'to the Massachusetts Attorney General on October 27, 2025, '
'and began notifying affected individuals by mail. In '
'response, DiMarco Group is offering 24 months of free '
'TransUnion Cyberscout single-bureau credit monitoring and has '
'established a dedicated call center for inquiries.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive PII',
'data_compromised': ['Personally Identifiable Information (PII)',
'Names',
'Social Security numbers',
'Addresses',
'Contact information',
"Driver's license numbers",
'Health insurance information',
'Financial account information'],
'identity_theft_risk': "High (due to exposure of SSNs, driver's "
'license numbers, and financial account '
'information)',
'legal_liabilities': 'Potential legal liabilities due to exposure '
'of PII; disclosures made to Massachusetts '
'Attorney General',
'payment_information_risk': 'Potential (financial account '
'information may have been exposed)'},
'investigation_status': 'Ongoing (not fully disclosed)',
'references': [{'source': 'Massachusetts Attorney General Office '
'(Disclosure)'}],
'regulatory_compliance': {'regulatory_notifications': 'Massachusetts Attorney '
'General (notified on '
'2025-10-27)'},
'response': {'communication_strategy': 'Mail notifications to affected '
'individuals; disclosure to '
'Massachusetts Attorney General',
'incident_response_plan_activated': 'Yes (disclosures and credit '
'monitoring offered)',
'recovery_measures': '24 months of free TransUnion Cyberscout '
'single-bureau credit monitoring for '
'affected individuals; dedicated call '
'center established',
'third_party_assistance': 'TransUnion Cyberscout (credit '
'monitoring services)'},
'stakeholder_advisories': 'Notifications sent to affected individuals via '
'mail; dedicated call center established',
'title': 'Data Breach at The DiMarco Group',
'type': 'Data Breach'}