Goosehead Insurance Confirms Data Breach Exposes SSNs Following Ransomware Attack

On March 13, 2025, Goosehead Insurance Agency discovered that files within its systems, servers and workstations had been encrypted by an unauthorized actor. An internal investigation revealed that between March 6 and March 13, 2025, this actor gained access to certain systems and downloaded files containing sensitive consumer data. The company reported that the breach affected at least five Maine residents, with the total number of individuals impacted almost certainly higher nationwide.

The information exposed in this incident involved personally identifiable information (PII) including names, Social Security numbers, driver’s license numbers, state identification numbers and financial account information.

The severity of this breach is significant. The attack was the result of a ransomware incident attributed to the group known as CHAOS, who claimed to have stolen 300 GB of Goosehead’s data. The group posted about the hack on the dark web on March 31, 2025. The attackers not only encrypted files but also exfiltrated data, raising the risk of identity theft and financial fraud for those whose information was compromised.

The breach was disclosed to the Maine Attorney General and California Attorney General on Oct. 10, 2025.

Goosehead Insurance Agency's response

After discovering the breach, Goosehead Insurance Agency, LLC acted to investigate and respond to the incident. They assessed the security of their systems and identified potentially affected individuals. The company notified federal law enforcement and began implementing additional safeguards and employee training to help prevent future incidents.

Goosehead provided written notice to affected individuals on Oct. 10, 2025. In these notices, the company offered guidance on protecting against identity theft and fraud, including instructions on how to place a fraud alert or security freeze on credit files, contact information for the major consumer reporting agencies and steps to monitor financial accounts for suspicious activity.

Given the severity and method of this breach—a ransomware attack involving both encryption and data theft—impacted individuals should take the following steps:

• Monitor financial accounts and credit reports for unusual activity
• Consider placing a fraud alert or credit freeze with Equifax, Experian or TransUnion
• Remain vigilant for phishing attempts or suspicious communications
• Report any suspected identity theft to law enforcement and the Federal Trade Commission

For more information, affected individuals can contact Goosehead Insurance’s dedicated assistance line at 855-291-2657, Monday through Friday, 8 a.m. to 8 p.m. CST, or write to Goosehead at 1500 Solana Blvd Building 4, Suite 4500, Westlake, TX 76262. The official notice to consumers will be available at the bottom of this page in PDF format.