Illumifin Data Breach Exposes Social Security Numbers

Greenville, South Carolina based insurance tech company and third-party administrator, Illumifin Corp., disclosed a data breach after discovering unauthorized access to its network in November 2025.

As a third-party administrator with over 2,500 employees and eight operating locations, illumifin handles sensitive personal information on behalf of more than 100 insurance carrier clients across the North American life, health, annuity and long-term care markets.

The first state regulatory disclosure was submitted to the Massachusetts Office of Consumer Affairs and Business Regulation for the affected entity, Liberty Bankers Life Ins Co. It is unclear whether the disclosure was submitted by or on behalf of Liberty Bankers Life.

Illumifin discovered the breach on Nov. 4, 2025, informed their affected clients of the incident on January 9, 2026, and provided them with their respective lists of affected individuals on or around February 25, 2026.

Upon discovering the unusual network activity, illumifin engaged a third-party forensic cybersecurity firm to assist with its investigation, according to the company's notification to consumers. The company also notified law enforcement authorities about the incident.

The investigation determined that an unauthorized person gained access to illumifin's network and acquired copies of certain files stored on the company's systems.

On Nov. 10, 2025, the company learned that some of the compromised files may have contained information it received from or on behalf of its insurance carrier clients in connection with the administration services it provides. Those services include processing insurance policies, supporting underwriting, handling claims assessments and managing policy owner services for life, health, long-term care and annuity products.

illumifin conducted a comprehensive review and analysis of the affected files to determine what information they contained and which individuals were affected, and confirmed Social Security numbers were exposed in the breach.

Because illumifin operates as a third-party administrator rather than a direct insurer, the affected individuals are policyholders or other consumers whose data the company maintained on behalf of its insurance carrier clients. Some affected individuals may not have previously been aware that illumifin held their personal information.

Illumifin's response

The company stated in its notification that it has "implemented, and will continue to adopt, additional safeguards to further protect and monitor our systems" to help prevent similar incidents in the future.

As a precaution, illumifin is offering affected individuals a complimentary membership to identity monitoring services. The duration of the complimentary membership varies, with some individuals receiving one year of coverage and others receiving two years, according to the notification. Enrollment details and instructions were included with the notification letters sent to affected individuals.

Affected individuals who have questions can reach illumifin by calling 877-431-5824, Monday through Friday, during business hours in Central Time. The company can also be contacted by mail at 7805 Hudson Road, Suite 180, Woodbury, MN 55125.

Because Social Security numbers were among the information exposed, this breach carries a heightened risk of identity theft and fraud for those affected. Social Security numbers are one of the most sensitive types of personal information and can be used by criminals to open fraudulent credit accounts, file false tax returns or commit other forms of identity theft that may take years to fully resolve.