Waterstreet Company Data Breach Affects 25,115 Individuals

On March 17, 2025, Waterstreet Company, a provider of cloud-based property and casualty (P&C) insurance software, experienced a significant data breach caused by an external cyberattack. The breach was discovered on April 15, 2025, after the company detected suspicious activity within its systems. A subsequent investigation revealed that an unauthorized actor had accessed certain files on Waterstreet’s network on the day of the incident.

A total of 25,115 individuals in the United States were affected by this breach. The compromised data included a combination of personally identifiable information (PII): names, Social Security numbers, and bank account information.

The scale of the breach varied by state, with 7,222 Texas residents, 512 Massachusetts residents, 14 New Hampshire residents, and 4 Maine residents impacted.

The breach stemmed from a cyberattack that resulted in unauthorized access to sensitive files, though there is no evidence at this time of attempted or actual misuse of the information. Waterstreet Company reported the incident to authorities in multiple states, including the Maine Attorney General’s office, Texas Attorney General’s office, Massachusetts Attorney General’s office, and New Hampshire Attorney General’s office. The company began notifying affected individuals by U.S. mail starting May 7, 2025.

Waterstreet Company's response

Upon discovering the breach, Waterstreet Company immediately launched an investigation to determine the nature and scope of the incident and worked to restore the security of its systems. The company notified federal law enforcement and has been cooperating with their ongoing investigation.

To support those affected, Waterstreet is offering 12 months of complimentary credit monitoring and identity protection services through IDX. Impacted individuals have been provided with enrollment instructions and are encouraged to sign up for these services by August 7, 2025. The company’s notification letter also includes detailed guidance on protecting against identity theft and fraud, such as monitoring account statements, placing fraud alerts or credit freezes, and contacting the major credit bureaus.

Given the sensitive nature of the information exposed—especially Social Security numbers and bank account details—those affected should remain vigilant for signs of identity theft or financial fraud. It is recommended to take advantage of the free credit monitoring, review your credit reports, and consider placing a fraud alert or credit freeze on your accounts. If you notice any suspicious activity, promptly report it to your financial institution and the appropriate authorities.