Cunningham Group Data Breach Exposes Social Security Numbers

On Sept. 10, 2024, James H Cunningham Insurance Agency (doing business as Cunningham Group) detected suspicious activity on its computer network. The company responded by immediately securing its systems, notifying law enforcement and launching an investigation with cybersecurity experts. The investigation determined that an unknown, unauthorized party had accessed the agency’s network between Sept. 6, 2024, and Sept. 13, 2024, and may have acquired certain files from its systems.

A thorough review of the impacted files revealed that sensitive consumer information was exposed. The types of information potentially compromised include personally identifiable information (PII) such as names, addresses, Social Security numbers, driver’s license numbers, government-issued ID numbers (including state ID cards and passport numbers), dates of birth and credit or debit card numbers. In addition, financial account information and protected health information (PHI), including medical and health insurance details, may also have been involved.

The breach affected at least 1,283 individuals in Texas, 80 Montana residents, 16 in New Hampshire and 47 in Massachusetts, according to filings with state authorities. The total number of affected individuals may be higher, as the agency also reported the incident to the California Attorney General’s office. The breach was officially disclosed to the California, Massachusetts, New Hampshire and Montana Attorney Generals' on Aug. 25, 2025, and to the Texas Attorney General on Aug. 26, 2025.

The breach is considered severe due to the breadth of information exposed, including both PII and PHI, as well as financial data. The unauthorized access lasted for approximately one week before it was detected and contained. At this time, there is no evidence that the stolen information has been misused for identity theft or fraud, but the risk remains due to the nature of the data involved.

James H Cunningham Insurance Agency's response

Recognizing the sensitivity of the information involved, Cunningham Group is offering affected individuals complimentary credit monitoring and identity protection services through Experian IdentityWorks Credit 3B. Impacted consumers are eligible for up to two years of free credit monitoring, identity restoration assistance and up to $1 million in identity theft insurance. Enrollment instructions and activation codes were sent by U.S. mail to those affected.

Anyone who receives a notice from Cunningham Group is encouraged to take advantage of the free credit monitoring services. Additionally, individuals should remain vigilant by reviewing account statements, monitoring credit reports and considering placing a fraud alert or security freeze on their credit files. The company’s notification letters provide detailed instructions and resources for protecting against potential identity theft, including contact information for the major credit bureaus and the Federal Trade Commission.