illumifin Data Breach Impacts 41k: Social Security Numbers and More Exposed

Greenville, South Carolina based insurance tech company and third-party administrator, Illumifin Corp. (stylized as illumifin), disclosed a data breach after discovering unauthorized access to its network in November 2025. The breach affected 41,948 individuals, including 6,724 Texas residents, 1,903 Indiana residents, 786 South Carolina residents, 21 Massachusetts residents, and 15 New Hampshire residents.

The disclosure was submitted to the attorneys general of California, Indiana, Massachusetts, New Hampshire, South Carolina, and Texas. illumifin additionally disclosed a filing to the Massachusetts OFCABR for the affected entity, Liberty Bankers Life Ins Co.

illumifin discovered the breach on Nov. 4, 2025, informed their affected clients of the incident on January 9, 2026, and provided them with their respective lists of affected individuals on or around February 25, 2026.

Upon discovering the unusual network activity, illumifin engaged a third-party forensic cybersecurity firm to assist with its investigation, according to the company's notification to consumers. The company also notified law enforcement authorities about the incident.

The investigation determined that an unauthorized person gained access to illumifin's network and acquired copies of certain files stored on the company's systems.

On Nov. 10, 2025, the company learned that some of the compromised files may have contained information it received from or on behalf of its insurance carrier clients in connection with the administration services it provides. Those services include processing insurance policies, supporting underwriting, handling claims assessments and managing policy owner services for life, health, long-term care and annuity products.

illumifin conducted a comprehensive review and analysis of the affected files to determine what information they contained and which individuals were affected, and confirmed names, addresses, Social Security numbers, dates of birth, health insurance information, and medical records were exposed in the breach.

Because illumifin operates as a third-party administrator rather than a direct insurer, the affected individuals are policyholders or other consumers whose data the company maintained on behalf of its insurance carrier clients. Some affected individuals may not have previously been aware that illumifin held their personal information.

illumifin's response

illumifin is offering affected individuals a complimentary membership to identity monitoring services. The duration of the complimentary membership varies, with some individuals receiving one year of coverage and others receiving two years, according to the notification. Enrollment details and instructions were included with the notification letters sent to affected individuals.

Affected individuals who have questions can reach illumifin by calling 877-431-5824, Monday through Friday, during business hours in Central Time. The company can also be contacted by mail at 7805 Hudson Road, Suite 180, Woodbury, MN 55125.