Victor A. Campanile Insurance Agency (VAC) suffered a significant data breach after detecting suspicious activity in one of its email accounts on March 21, 2025. Investigation confirmed unauthorized access to two internal email accounts by cybercriminals, exposing personally identifiable information (PII) and protected health information (PHI). Compromised data included names, Social Security numbers, driver’s license/state ID copies, medical records, and payment details. The breach affected thousands of customers, though the exact number remains undisclosed. VAC completed its review on September 5, 2025, and began notifying impacted individuals via mail on September 24, 2025, while also reporting the incident to the Massachusetts Attorney General on September 26, 2025. In response, the agency reset compromised credentials, engaged cybersecurity experts, and offered 24 months of free credit monitoring to victims. The breach highlights the severe risks of email-based attacks, given the high sensitivity and volume of exposed data, including financial and health records, which could lead to identity theft, fraud, or further targeted phishing campaigns.
Source: https://www.claimdepot.com/data-breach/victor-a-campanile-insurance-agency-2025
TPRM report: https://www.rankiteo.com/company/v-a-c-insurance-agency
"id": "v-a5792157092625",
"linkid": "v-a-c-insurance-agency",
"type": "Breach",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Thousands (exact number '
'undisclosed)',
'industry': 'Insurance',
'location': 'Massachusetts, USA',
'name': 'Victor A. Campanile Insurance Agency (VAC)',
'type': 'Insurance Agency'}],
'attack_vector': 'Email Account Compromise',
'customer_advisories': ['Dedicated assistance line: 888-844-1146 (Mon-Fri: 8 '
'a.m. - 11 p.m. ET, Sat: 9 a.m. - 6 p.m. ET)'],
'data_breach': {'data_exfiltration': 'Likely (data accessed by cybercriminal)',
'number_of_records_exposed': 'Thousands (exact number '
'undisclosed)',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers',
"Driver's License or "
'State ID Copies',
'Medical Information',
'Payment Information'],
'sensitivity_of_data': 'High (includes SSNs, medical info, '
'payment info)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-03-21',
'date_publicly_disclosed': '2025-09-26',
'description': 'Victor A. Campanile Insurance Agency (VAC) experienced a '
'major data breach where two internal email accounts were '
'potentially accessed by a cybercriminal. The breach '
'compromised personally identifiable information (PII) and '
'protected health information (PHI), including names, Social '
"Security numbers, driver's license or state ID copies, "
'medical information, and payment information. The incident '
'was discovered on or around March 21, 2025, and the '
'investigation concluded on September 5, 2025. Thousands of '
'customers are believed to be affected.',
'impact': {'brand_reputation_impact': 'Potentially Severe (due to sensitivity '
'of exposed data)',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)',
'Names',
'Social Security Numbers',
"Driver's License or State ID Copies",
'Medical Information',
'Payment Information'],
'identity_theft_risk': "High (due to exposure of SSNs, driver's "
'licenses, and PHI)',
'payment_information_risk': 'High (payment information exposed)',
'systems_affected': ['Email Accounts']},
'initial_access_broker': {'entry_point': 'Email Accounts'},
'investigation_status': 'Completed (as of Sept. 5, 2025)',
'post_incident_analysis': {'corrective_actions': ['Changed credentials for '
'affected users',
'Engaged cybersecurity '
'experts']},
'recommendations': ['Sign up for free credit monitoring within 90 days of '
'receiving the breach letter.',
'Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing attempts using exposed '
'information.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': 'VAC Insurance Agency Website'},
{'date_accessed': '2025-09-26',
'source': 'Massachusetts Attorney General Disclosure'}],
'regulatory_compliance': {'regulatory_notifications': ['Massachusetts '
'Attorney General '
'(notified on Sept. '
'26, 2025)']},
'response': {'communication_strategy': ['Notified impacted individuals by '
'mail (starting Sept. 24, 2025)',
'Disclosed incident to Massachusetts '
'Attorney General (Sept. 26, 2025)',
'Established a dedicated assistance '
'line (888-844-1146)'],
'containment_measures': ['Changed credentials for affected '
'users'],
'incident_response_plan_activated': True,
'recovery_measures': ['Offered 24 months of free single-bureau '
'credit monitoring to impacted customers'],
'third_party_assistance': ['Cybersecurity Experts']},
'title': 'Victor A. Campanile Insurance Agency (VAC) Data Breach',
'type': 'Data Breach'}