.png)
VAC Insurance Agency Data Breach Affects Customer Info
Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info
Victor A. Campanile Insurance Agency (VAC) experienced a major data breach. On or around March 21, 2025, the insurance agency discovered suspicious activity within one of its email accounts. An investigation revealed that two internal email accounts were potentially accessed by a cybercriminal.
A review was completed on Sept. 5, 2025 and Victor A. Campanile Insurance Agency determined that the data breach compromised both personally identifiable information (PII) and protected health information (PHI). Exposed information included names, Social Security numbers, driver's license or state ID copies, medical information and payment information.
VAC began notifying impacted individuals by mail on Sept. 24, 2025. The cybersecurity incident was also disclosed to the Massachusetts Attorney General on Sept. 26, 2025.
The total number of customers involved in the data breach has not been released, but is believed to be in the thousands. This type of cyberattack can be particularly severe due to the volume and sensitivity of information often transmitted via internal company emails.
Victor A. Campanile Insurance Agency's response
In response to the incident, VAC immediately changed credentials for affected users and engaged cybersecurity experts. In addition to required state and federal disclosures, the insurance agency is offering impacted customers 24 months of free single-bureau credit monitoring services.
If you receive a notice from VAC about this breach, you may want to:
- Sign up for the free credit monitoring services within 90 days of receiving your data breach letter.
- Monitor your credit reports and financial accounts for any unusual activity.
- Be alert for phishing emails or phone calls that may use your exposed information.
- Consider placing a fraud alert or credit freeze with major credit bureaus.
The agency also established a dedicated assistance line at 888-844-1146, Monday through Friday, 8 a.m. to 11 p.m. Eastern time, and Saturday, 9 a.m. to 6 a.m.
More information about the insurance agency can be found on the VAC Insurance Agency website.
Protect Your Data
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.
Data Breach Settlements
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
What to Read Next
Subscribe to our weekly class actions newsletter.
.svg)