Home
>
Data Breach>WCIRB California

WCIRB Data Breach Exposes Personal Names & More

Published
October 16, 2025
Updated
October 16, 2025
WCIRB Data Breach Exposes Personal Names & More
WCIRB California
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

WCIRB California

data breach?

Join the Lawsuit

It's free to join. 

Workers Compensation Insurance Rating Bureau of California (WCIRB), a company that collects and analyzes workers' compensation insurance data, experienced a data breach. On July 9, 2025, the organization discovered a cybersecurity incident when an unauthorized actor accessed on of its third-party systems, Box.com.

An investigation determined that the threat actor acquired sensitive personal information during the incident. This type of cyberattack often compromises both personally identifiable information (PII) and protected health information (PHI).

Exposed information may include names, addresses, dates of birth, Social Security numbers, employment information, health information, medical records and worker's compensation claim information. The breach is considered severe, due to the method of access, a third-party cloud storage compromise, and puts affected individuals at risk for identity theft and fraud.

The data breach was disclosed to the California Attorney General's office on Oct. 13, 2025. WCIRB California has also begun notifying impacted individuals by mail. The total number of workers affected by the cybersecurity incident has not been released, but may include thousands of California residents.

Workers Compensation Insurance Rating Bureau of California's response

After discovering the incident, WCIRB engaged third-party forensic specialists to investigate and confirm the security of their Box.com environment. In addition to required state and federal disclosures, the company is offering free IDX identity theft protection services, which includes credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery assistance.

If you receive a data breach notice from WCIRB or your employer, you may want to:

  • Sign up for the free IDX identity theft protection services, offered by WCIRB.
  • Monitor your credit reports and financial accounts for any unusual activity.
  • Be alert for phishing emails or phone calls that may use your exposed information.
  • Consider placing a fraud alert or credit freeze with major credit bureaus.

More details about Workers Compensation Insurance Rating Bureau of California can be found on the official WCIRB website.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Sources

Disclosures

Breach Summary

Affected Entity
WCIRB California
Consumers Notification date
Date of Breach
October 7, 2025
Breach Discovered Date
Total People Affected
Information Types Exposed

Data Breach Settlements

Fortive Corp. $3M Data Breach Class Action Settlement
University of Minnesota $5M Data Breach Settlement
Heritage Provider Network $49.99M Class Action Settlement
Kerber Eck & Braeckel LLP $1.4M Data Breach Settlement
Cascade Surgicenter Data Breach Class Action Settlement
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image

What to Read Next

PeopleGuru Data Breach Exposes Sensitive PII and PHI
October 16, 2025
PeopleGuru Data Breach Exposes Sensitive PII and PHI
Watsonville Hospital Data Breach Affects Entire Patient Database
October 16, 2025
Watsonville Hospital Data Breach Affects Entire Patient Database
The Phia Group Data Breach Affects PII & PHI
October 16, 2025
The Phia Group Data Breach Affects PII & PHI
Sotheby's Data Breach Exposes Personal Info
October 16, 2025
Sotheby's Data Breach Exposes Personal Info