# Churchill Claims Services Data Breach Exposes 2,610 Records

Churchill Claims Services Inc., a nationwide independent insurance claims adjusting and investigation firm based in Clearwater, Florida, has disclosed a data breach affecting approximately 2,610 individuals in the United States. Founded in 2001, the company handles a wide variety of insurance claims across all 50 states, including automobile, general liability, property, professional liability, vehicle appraisals and fraud investigations for major national and regional carriers such as Hanover Insurance, Allstate, Scottsdale Insurance, Travelers Insurance and Great American. The firm is estimated to have between 11 and 50 employees and annual revenue of approximately $6.4 million.

The company discovered the breach on March 31, 2026. The breach was filed with the Maine Attorney General on April 27, 2026, with 58 Maine residents identified as affected. It was also reported to the Massachusetts Office of Consumer Affairs and Business Regulation on April 28, 2026, with 39 Massachusetts residents affected, and to the Vermont Attorney General on the same date. Consumer notifications are being sent in writing beginning April 27, 2026.

What happened in the Churchill Claims Services data breach

The breach was the result of a ransomware attack. On Oct. 10, 2025, a ransomware group known as Securotrop posted a claim on the Tor network, a part of the dark web, stating it had obtained 240 gigabytes of Churchill Claims Services' internal data. Ransomware is a type of cyberattack in which hackers gain unauthorized access to a company's computer systems. Attackers often steal or encrypt data and may demand payment in exchange for returning access or not publishing the stolen information.

According to the dark web posting, the leaked files covered a broad range of company records. The stolen data reportedly included insured vehicle lists containing client names and contact details, along with appraisal logs and profit margin analyses. Employee phone numbers, compensation records and various scanned documents from the company's executive and general divisions were also listed among the exposed files.

Approximately six months passed between Securotrop's dark web posting and the company's discovery of the incident. In its notification to consumers, Churchill Claims Services described the event as "a data security incident that may have affected the privacy of your information."

The types of personally identifiable information confirmed as exposed included Social Security numbers and government ID numbers.

Churchill Claims Services' response to the breach

According to its notification letter, Churchill Claims Services stated that it "takes this incident seriously" and is providing affected individuals with details about the incident, the company's response and steps they can take to help protect their information.

The company is offering affected individuals 24 months of complimentary credit monitoring and identity theft protection services at no cost to them. These services include a $1,000,000 identity theft insurance policy and proactive fraud assistance to help those who may become victims of fraud. The credit monitoring provides same-day alerts when changes occur to an individual's credit file at the bureau, offering ongoing visibility into potentially suspicious activity, according to the notification.

These protective services are provided through Cyberscout, a TransUnion company that specializes in fraud assistance and remediation. To enroll, affected individuals can visit Cyberscout's activation page and enter the unique code included in their notification letter. Enrollment must be completed within 90 days of the date of the letter. The enrollment process requires an internet connection and an email account, and services may not be available to minors under the age of 18.

The company has also established a dedicated phone line through Cyberscout at 833-877-7557, available Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Time. According to the notification, representatives staffing the line are fully versed in the incident and can answer questions.

The written notification also informed affected individuals of their rights under Massachusetts law, including the ability to obtain any police report filed in connection with the incident and the right to file a police report if the individual becomes a victim of identity theft. The notification provided detailed guidance on placing security freezes with the three major credit bureaus and included contact information for the Federal Trade Commission's consumer resources. Churchill Claims Services encouraged affected individuals to enroll in the complimentary credit protection services being offered.

Steps to take if your information was exposed

• Place a credit freeze with Equifax (1-800-685-1111), Experian (1-888-397-3742) and TransUnion (1-888-909-8872) to prevent new accounts from being opened without authorization.
• Set up a fraud alert by contacting one of the three major credit bureaus, which will notify the other two on the consumer's behalf.
• Request free credit reports at AnnualCreditReport.com and review them carefully for any unfamiliar accounts or inquiries.
• Monitor financial accounts and statements closely for unauthorized transactions and report any suspicious activity to the relevant financial institution.
• Watch for phishing attempts that reference Churchill Claims Services or this breach by name, as scammers may use the incident to trick people into sharing more personal information.
• Report suspected identity theft to the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338.