The Workers Compensation Insurance Rating Bureau of California (WCIRB) experienced a data breach in July 2025 after an unauthorized actor gained access to its third-party system, Box.com. The incident exposed sensitive personally identifiable information (PII) of potentially thousands of California workers, including names, addresses, dates of birth, Social Security numbers, employment details, health information, medical records, and workers’ compensation claim data. The breach was discovered on July 9, 2025, with data mining concluding on September 18, 2025. Affected individuals were notified in October 2025, and the incident was reported to the California Attorney General’s office on October 13, 2025. WCIRB offered free identity theft protection (IDX) to victims, but the exposure of highly sensitive data—particularly SSNs, medical records, and financial details—poses significant risks of identity theft, fraud, and long-term reputational harm to those affected. Legal investigations are underway for potential compensation claims due to the severity of the breach.
Source: https://www.claimdepot.com/investigations/wcirb-california-data-breach-2025
TPRM report: https://www.rankiteo.com/company/worker-s-compensation-insurance-rating-bureau
"id": "wor0103701101725",
"linkid": "worker-s-compensation-insurance-rating-bureau",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Potentially thousands of '
'individuals (exact number '
'unreleased)',
'industry': "Workers' compensation insurance",
'location': 'California, USA',
'name': 'Workers Compensation Insurance Rating Bureau '
'of California (WCIRB)',
'type': 'Private nonprofit association'}],
'attack_vector': 'Unauthorized access to third-party system (Box.com)',
'customer_advisories': ['Check financial statements for unauthorized '
'transactions',
'Contact financial institutions if suspicious '
'activity is detected',
'Consider fraud alerts or credit freezes'],
'data_breach': {'data_exfiltration': 'Yes (data acquired by unauthorized '
'actor)',
'number_of_records_exposed': 'Potentially thousands (exact '
'number unreleased)',
'personally_identifiable_information': ['Name',
'Address',
'Date of birth',
'Social Security '
'number',
'Employment '
'information',
'Health information',
'Medical records'],
'sensitivity_of_data': 'High (includes SSNs, medical records, '
'and financial data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
"Employment/Workers' "
'compensation records']},
'date_detected': '2025-07-09',
'date_publicly_disclosed': '2025-10-00',
'description': 'Shamis & Gentile P.A., a class action law firm, is '
'investigating the WCIRB data breach involving unauthorized '
'access to a third-party system (Box.com). Sensitive '
'personally identifiable information (PII) of potentially '
'thousands of California workers was exposed, including names, '
'addresses, Social Security numbers, employment details, '
"health information, medical records, and workers' "
'compensation claim data. WCIRB detected the incident on July '
'9, 2025, completed data mining on Sept. 18, 2025, and began '
'notifying affected individuals in Oct. 2025. The breach was '
'reported to the California Attorney General’s office on Oct. '
'13, 2025.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive PII',
'data_compromised': ['Name',
'Address',
'Date of birth',
'Social Security number',
'Employment information',
'Health information',
'Medical records',
"Worker's compensation claim information"],
'identity_theft_risk': 'High (PII exposed, including SSNs)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'for affected individuals',
'systems_affected': ['Box.com (third-party system)']},
'initial_access_broker': {'entry_point': 'Third-party system (Box.com)',
'high_value_targets': ['PII of California workers',
"Workers' compensation claim "
'data',
'Health/medical records']},
'investigation_status': 'Ongoing (as of Oct. 2025; law firm investigating '
'potential claims)',
'post_incident_analysis': {'corrective_actions': ['Notification to affected '
'parties',
'Identity theft protection '
'services provided']},
'recommendations': ['Monitor financial accounts for suspicious activity',
'Place fraud alerts on credit reports',
'Sign up for free IDX identity theft protection services',
'Request annual credit reports from major bureaus',
'Seek legal counsel for potential compensation claims'],
'references': [{'source': 'Shamis & Gentile P.A. (Class Action Law Firm)'},
{'source': 'Workers Compensation Insurance Rating Bureau of '
'California (WCIRB) Breach Notification'}],
'regulatory_compliance': {'legal_actions': 'Potential class-action lawsuits '
'(under investigation by Shamis & '
'Gentile P.A.)',
'regulatory_notifications': ['California Attorney '
'General’s office '
'(reported Oct. 13, '
'2025)']},
'response': {'communication_strategy': ['Mail notifications to affected '
'individuals',
'Public disclosure via law firm '
'(Shamis & Gentile P.A.)',
'Report to California Attorney '
'General’s office (Oct. 13, 2025)'],
'incident_response_plan_activated': 'Yes (investigation launched '
'post-detection)',
'remediation_measures': ['Notification to affected individuals '
'(Oct. 2025)',
'Free IDX identity theft protection '
'services offered to victims']},
'stakeholder_advisories': ['Free identity theft protection (IDX) offered to '
'victims',
'Legal assistance recommended for affected '
'individuals'],
'threat_actor': 'Unauthorized actor (unknown)',
'title': 'Workers Compensation Insurance Rating Bureau of California (WCIRB) '
'Data Breach',
'type': 'Data Breach (Third-Party System Compromise)'}