Cove Risk Services Data Breach Affects 49k People Exposing Social Security Numbers

On May 5, 2025, Cove Risk Services discovered a network disruption that led to a comprehensive investigation. The company determined that, on or around May 3, 2025, certain information within its systems was subject to unauthorized access or acquisition.

This breach affected a total of 49,385 individuals across the United States, including 182 residents of Maine, as reported in the official disclosure to the Maine Attorney General.

According to the company's website notice, the exposed information includes a combination of personally identifiable information (PII) and protected health information (PHI): names, dates of birth, Social Security numbers, driver’s license or state-issued identification numbers, passport numbers, health insurance information, medical information, and financial account information.

The company completed its review of the incident on Nov. 10, 2025, and began notifying affected individuals on Dec. 12, 2025.

Cove Risk Services' response

Cove Risk Services is offering complimentary credit monitoring and identity protection services for 12 months through Cyberscout, a TransUnion company. Affected individuals are encouraged to enroll in these services within 90 days of receiving their notification letter. The company has also set up a dedicated assistance line for questions and support.

Given the types of information involved, affected individuals should remain vigilant for signs of identity theft or fraud. It is recommended to regularly review credit reports and account statements for suspicious activity. Individuals have the right to place a fraud alert or credit freeze on their credit files at no cost, which can provide additional protection.