California Casualty Data Breach Exposes Social Security Numbers

California Casualty Indemnity Exchange, a customer-owned insurance company focused on serving educators, law enforcement, firefighters and nurses, recently experienced a data breach that exposed sensitive personal information of some policyholders. The breach was discovered on Nov. 5, 2025, and involved unauthorized access to the company’s IT network.

According to filings with state attorneys general, including California, Maine and Massachusetts, the incident began when California Casualty Indemnity Exchange detected suspicious activity within its IT systems. The company responded by isolating certain systems and launching an investigation with the help of a third-party cybersecurity firm. Law enforcement was also notified.

The investigation determined that between Sept. 2 and Sept. 8, 2025, an unauthorized individual gained access to the company’s network and was able to copy files containing personal information. The company completed a comprehensive review of the impacted data and confirmed on Nov. 5, 2025, that files containing sensitive information had been compromised.

The types of consumer information exposed in this incident included names, Social Security numbers, dates of birth, driver’s license or state identification numbers, tax identification numbers and financial account numbers. This information is considered personally identifiable information (PII) and, if misused, could put affected individuals at risk of identity theft or financial fraud.

Based on disclosures to state regulators, the breach affected at least two residents in Maine and three in Massachusetts.

The company began mailing written notification letters to affected consumers on Nov. 19, 2025.

California Casualty Indemnity Exchange's response

California Casualty is offering complimentary 24-month memberships to Experian IdentityWorks, which provides credit monitoring, identity theft detection and identity restoration services. This service is free of charge and does not impact credit scores.

Affected individuals will receive instructions on how to activate their membership along with their notification letter. Additionally, the company has set up a dedicated, toll-free call center for questions related to the breach.

Affected individuals are encouraged to take advantage of the offered credit monitoring, regularly review account statements, obtain free credit reports from the three major credit bureaus and consider placing a fraud alert or security freeze on their credit files. If any suspicious activity is detected, individuals should promptly contact the appropriate authorities, including the Federal Trade Commission and local law enforcement.