Canary Benefits Data Breach Exposes Names and SSNs

A recent data breach at Canary Benefits Inc., a mission-driven fintech company based in New York City, has exposed personally identifiable information (PII) of an unknown number of individuals. The breach was disclosed to the Massachusetts Attorney General’s office on Dec. 17, 2025.

According to the official notice, the incident may have exposed sensitive personal information, including first and last names and Social Security numbers. The exposed data is considered highly sensitive as it includes personally identifiable information (PII) that could be used for identity theft. The company has not disclosed the exact method or cause of the breach, and there is no public information about how the unauthorized access occurred or who was responsible.

Canary Benefits' response

Following the discovery of the breach, Canary Benefits took several steps to support those affected. Out of an abundance of caution, the company arranged for complimentary identity protection services through Cyberscout, a TransUnion company. Impacted individuals are eligible for 24 months of single bureau credit monitoring, credit report access, and credit score services at no cost. Instructions for enrollment, including a unique activation code, are provided in the official notice.

If you receive notification from Canary Benefits or your provider about this breach, you may want to:

• Sign up for the free Cyberscout credit monitoring services, offered by Canary Benefits.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For affected individuals with questions, Canary Benefits has set up a call center at 800-405-6108, Monday through Friday, 8 a.m. to 8 p.m. ET.