Copeland Auto Group Data Breach Affects Dealerships

Copeland Auto Group, owner of multiple automotive dealerships in Massachusetts, experienced a data breach. On Sept. 2, 2025, the company detected suspicious activity within an internal email account. An investigation determined that an unauthorized actor accessed both personally identifiable information (PII) and protected health information (PHI).

Compromised information included names, Social Security numbers, government ID numbers, payment card information, financial account information and health information. The total number impacted individuals has not been released, but the breach may have involved all Copeland dealerships.

Copeland Auto Group and Copeland Chevrolet began notifying affected individuals by mail on Oct. 16, 2025. The cybersecurity incident was disclosed to the Maine, Massachusetts and New Hampshire Attorney Generals offices between Oct. 16, 2025 and Oct. 22, 2025.

The data breach compromised at least 2,731 customers and/or employees of Copeland Chevrolet in Massachusetts.

Copeland Auto Group's response

In response to the breach, Copeland Auto Group changed the password for the compromised email account and implemented multi-factor authentication across its email environment to prevent similar incidents in the future. In addition to state and federal disclosures, the company is offering affected employees and customers 12 free months of Kroll identity monitoring services, which includes credit monitoring, fraud consultation and identity theft restoration.

If you receive a notice from Copeland Auto Group, or a Copeland dealership about this breach, you may want to:

• Sign up for the free identity monitoring services, offered by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.