NASCBF Data Breach Exposes SSNs, Addresses & Financial Info

On Aug. 18, 2025, the North Atlantic States Carpenters Health Benefits Fund (NASCBF) discovered suspicious activity within the network at its Hamden, Conn. office. The information exposed in this breach is extensive and includes both personally identifiable information (PII) and protected health information (PHI).

The organization immediately reset passwords and took steps to contain the incident, then engaged third-party forensic specialists to investigate. The investigation determined that an unauthorized actor accessed and/or acquired certain files from the Connecticut office’s systems on the same day.

The NASCBF is still reviewing the files to identify the full scope of affected individuals. According to the notice, compromised data includes name, date of birth, address, Social Security number, government-issued ID number, financial information (including access codes), medical information, login credentials and health insurance details.

The exposure of PII and PHI puts individuals at risk of identity theft and medical fraud.

The breach was reported to the U.S. Department of Health and Human Services on Oct. 17, 2025. The official notice to consumers, including details and recommended next steps, is available on the NASCBF website. NASCBF has stated that they will notify affected individuals by mail as more information becomes available.

North Atlantic States Carpenters Health Benefits Fund's response

NASCBF responded swiftly to the incident by resetting passwords and limiting access to affected systems as soon as suspicious activity was detected. They engaged cybersecurity experts to conduct a thorough forensic investigation and are continuing to review files to determine exactly whose information was impacted.

To support those affected, NASCBF is offering complimentary credit monitoring services to individuals whose information was involved.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from NASCBF or a company that does business with NASCBF.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

Impacted individuals can inquire more about the data breach at 855-720-3044, Monday through Friday from 9.a.m. to 9 p.m. ET.