RMS Data Breach Impacts PII of Thousands of Individuals in U.S.

On June 19, 2025, Risk Management Services LLC (RMS), a Louisiana-based third-party administrator, discovered a data breach affecting the personal information of thousands of individuals. An investigation revealed that on or around Feb. 23, 2025, an unauthorized actor gained access to RMS internal systems and may have accessed or acquired personal and protected health information.

Risk Management Services provides administrative services for LCTA Mutual Holding Co., LCTA Casualty Insurance Co., and LCTA Workers’ Comp. Compromised information includes full names, addresses, dates of birth, Social Security numbers and medical information related to reported injuries. According to reports, the data breach impacted at least 22,300 individuals.

The company began notifying affected individuals by mail on Aug. 29, 2025. The cybersecurity incident was also disclosed to the Maine Attorney General's office on Sept. 2, 2025.

Risk Management Services' response

After detecting the breach, RMS took steps to contain the unauthorized access, engaged cybersecurity experts and notified law enforcement. In addition to state and federal disclosures, the organization is offering impacted individuals free Epiq Privacy Solutions ID credit monitoring and identity theft protection services.

If you receive a notice from Risk Management Services about this breach, you may want to:

• Sign up for the free credit monitoring services, provided by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

More information about the company can be found on the Risk Management Services website.