Waterstreet Company Data Breach Affects 25,115 Individuals

On March 17, 2025, Waterstreet Company, a provider of cloud-based property and casualty (P&C) insurance software, experienced a significant data breach caused by an external cyberattack. The breach was discovered on April 15, 2025, after the company detected suspicious activity within its systems. A subsequent investigation revealed that an unauthorized actor had accessed certain files on Waterstreet’s network on the day of the incident.

A total of 25,115 individuals in the United States were affected by this breach. The compromised data included a combination of personally identifiable information (PII): names, Social Security numbers, and bank account information.

The scale of the breach varied by state, with 7,222 Texas residents, 512 Massachusetts residents, 14 New Hampshire residents, and 4 Maine residents impacted.

The breach stemmed from a cyberattack that resulted in unauthorized access to sensitive files, though there is no evidence at this time of attempted or actual misuse of the information. Waterstreet Company reported the incident to authorities in multiple states, including the Maine Attorney General’s office, Texas Attorney General’s office, Massachusetts Attorney General’s office, and New Hampshire Attorney General’s office. The company began notifying affected individuals by U.S. mail starting May 7, 2025.

Have business associates of Waterstreet Company been affected?

On July 24 and July 25, 2025, Velocity Risk Underwriters filed disclosures with the state attorney generals' offices of New Hampshire and Maine, respectively. These disclosures state that the source of their data being exposed was due to the Waterstreet Company breach.

It is notable that Velocity Risk Underwriters disclosed a total of 41,270 people affected nationwide, in their records alone, while Waterstreet disclosed only 25,115 total people affected.

Waterstreet Company's response

Upon discovering the breach, Waterstreet Company immediately launched an investigation to determine the nature and scope of the incident and worked to restore the security of its systems. The company notified federal law enforcement and has been cooperating with their ongoing investigation.

To support those affected, Waterstreet is offering 12 months of complimentary credit monitoring and identity protection services through IDX. Impacted individuals have been provided with enrollment instructions and are encouraged to sign up for these services by August 7, 2025.

The company’s notification letter also includes detailed guidance on protecting against identity theft and fraud, such as monitoring account statements, placing fraud alerts or credit freezes, and contacting the major credit bureaus.