Insurance Office of America discloses data breach following a June ransomware attack

On Jan. 11, 2026, Insurance Office of America (IOA), one of the largest privately held insurance brokerages in the United States, discovered a significant data breach affecting 12,913 people nationwide, including 15 in Maine.

The breach was the result of a ransomware attack attributed to the DAIXIN Team, a known cybercriminal group. According to a disclosure filed with the Maine Attorney General, the incident occurred after IOA fell victim to a phishing email attack, allowing unauthorized access to internal systems between June 25 and June 30, 2025.

The attackers reportedly accessed and potentially acquired files containing sensitive personal information, including full names and other personally identifiable information (PII).

On July 2, 2025, the DAIXIN Team claimed responsibility on the dark web, stating they had obtained more than 100,000 internal documents and threatened to publish them.

The breach was officially disclosed to regulators on Jan. 16, 2026, and written notifications were sent to affected individuals the same day.

The severity of this incident is heightened by the nature of the data involved and the sophistication of the ransomware attack. The DAIXIN Team is known for targeting healthcare and insurance organizations, often exfiltrating data before encrypting systems and demanding ransom. In this case, the breach exposed a significant volume of sensitive information, increasing the risk of identity theft and fraud for those affected.

‍

Insurance Office of America's response

Upon discovering the breach, IOA immediately launched a comprehensive investigation with external cybersecurity experts to contain the threat and secure its network. The company undertook a detailed review of the compromised files to determine the scope of the data accessed and worked with affected clients and partners before notifying individuals.

To support those impacted, IOA is offering complimentary 24-month credit monitoring and identity protection services through Epiq. These services include credit monitoring, VantageScore credit reports, Social Security number monitoring, dark web surveillance, change of address monitoring, and up to $1 million in identity theft insurance with no deductible.

Given the phishing nature of the attack, IOA recommends that anyone who receives suspicious communications exercise caution, avoid clicking on unfamiliar links or attachments, and report potential phishing attempts.

Additional steps, such as placing a fraud alert or security freeze on credit files, are also advised. Contact information for the major credit bureaus and detailed instructions for these protective measures are included in the written notice provided to affected individuals.