North Atlantic States Carpenters Benefits Fund Data Breach Affects 110k

On Aug. 18, 2025, the North Atlantic States Carpenters Benefits Fund (NASCBF) discovered suspicious activity within the network at its Hamden, Conn. office. The data breach exposed has exposed both personally identifiable information (PII) and protected health information (PHI).

The organization reset passwords and took steps to contain the incident, then engaged third-party forensic specialists to investigate. The investigation determined that an unauthorized actor accessed and/or acquired certain files from the Connecticut office’s systems on the same day.

The NASCBF is still reviewing the files to identify the full scope of affected individuals. According to the Indiana Attorney General, 110,435 people have been affected. This includes 28,349 Massachusetts residents, 2,063 Maine residents, and 567 Texas residents have been affected.

The breach was reported to the U.S. Department of Health and Human Services on Oct. 17, 2025. The official notice to consumers, including details and recommended next steps, is available on the NASCBF website.

Additionally, the attorneys general offices of Maine, Massachusetts, Texas, and Vermont have been notified. NASCBF has stated that they will notify affected individuals by mail as more information becomes available.

According to the notices, compromised data includes name, date of birth, address, Social Security number, government-issued ID number (including passport and state ID card), financial information (including access codes, credit/ debit card numbers), medical information, login credentials and health insurance details.

North Atlantic States Carpenters Benefits Fund's response

NASCBF responded swiftly to the incident by resetting passwords and limiting access to affected systems as soon as suspicious activity was detected. They engaged cybersecurity experts to conduct a thorough forensic investigation and are continuing to review files to determine exactly whose information was impacted.

To support those affected, NASCBF is offering complimentary credit monitoring services to individuals whose information was involved.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from NASCBF or a company that does business with NASCBF.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

Impacted individuals can inquire more about the data breach at 855-720-3044, Monday through Friday from 9.a.m. to 9 p.m. ET.