Summit Insurance Services Data Breach Affects 2k

Summit Insurance Services Inc., an independent insurance agency headquartered in Jackson, Wyoming, disclosed a data breach connected to a security incident that occurred in late 2024.

The breach was reported to the Maine Attorney General, to the Massachusetts Attorney General, and to the Vermont Attorney General on March 26, 2026. Consumer notices were sent by first-class mail in March 2026.

The total number of affected individuals is 2,290, including three Maine residents and four Massachusetts residents.

What happened in the Summit Insurance Services data breach

Summit experienced a data security incident that occurred between Sept. 18, 2024, and Dec. 2, 2024.

The incident was first detected on Dec. 2, 2024, meaning that unauthorized access to the company's systems may have persisted for approximately two and a half months before discovery. A third-party forensic investigation later confirmed this timeline.

Following a review of the data potentially affected, the company determined that personal information it held may have been accessed or compromised during this period. However, at this time, the specific types of personal information that may have been exposed were not disclosed.

The total number of people affected across the United States was not disclosed in the available filings.

Summit Insurance Services' response to the breach

As part of its response, the company is offering affected individuals complimentary credit monitoring, credit report and credit score services through TransUnion. The monitoring services provide alerts when changes occur to an individual's credit file. These services are being administered by Cyberscout, a TransUnion company specializing in fraud assistance and remediation.

The company is also providing proactive fraud assistance to help affected individuals with questions or in the event they become a victim of fraud.

Affected individuals can activate these services using the unique code included in their notification letter. Enrollment must be completed within 90 days of the letter's date. To enroll, individuals will need an internet connection and an email account, and may be asked to provide their name, date of birth and Social Security number to confirm their identity.

Representatives can be reached at 1-800-405-6108 between 8 a.m. and 8 p.m. Eastern time, Monday through Friday, excluding U.S. holidays. The call center will remain available for 90 days from the date of the notification letter.

Steps to take if your information was exposed

• Place a fraud alert with the three major credit bureaus. Contact Equifax, TransUnion or Experian to place a one-year fraud alert that tells creditors to verify identity before opening new accounts.
• Consider placing a security freeze on your credit reports. A freeze can be placed for free by contacting one of the three major credit bureaus
• Request and review your free credit reports. Visit AnnualCreditReport.com or use the Annual Credit Report Request Form to check for unfamiliar accounts or suspicious activity.
• Request an IRS Identity Protection PIN. An IP PIN prevents someone from filing a fraudulent tax return using a stolen Social Security number and can be obtained through the IRS Get an IP PIN tool.
• Be cautious of phishing attempts that reference Summit Insurance Services or this breach. Scammers sometimes use breach notifications to trick people into sharing additional personal information.
• Report suspected identity theft to the appropriate authorities. Contact the Federal Trade Commission (1-877-438-4338) or one's state attorney general office