Lockton Data Breach Affects Over One Million Americans: SSNs Exposed

Published

March 24, 2025

Updated

April 14, 2025

Lockton

Types of INFORMATION affected

Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info

On February 5, 2025, Southeast Series of Lockton Companies, LLC ("Lockton") discovered a significant data breach involving unauthorized access to sensitive personal information of 1,055,380 people in the United States. The breach occurred on November 20, 2024, when Lockton identified suspicious activity on one of its internal computers.

An investigation revealed that an unauthorized party accessed a single individual account and computer within Lockton's environment, obtaining certain files containing personal consumer data. Lockton then conducted an extensive review of the compromised files to identify affected individuals. The review concluded on February 5, 2025, confirming that personal information of numerous individuals was exposed.

Information Exposed:

Full names
Addresses
Social Security numbers
Medical information
Health insurance information
Dates of birth

Individuals affected by region:

United States: 1,055,380 residents
Texas: 102,586 individuals (up from the original 9,586 figure - updated April 10, 2025)
South Carolina: 11,007 individuals
Massachusetts: 2 individuals
Maine: 1 individual

Lockton began notifying affected consumers on March 7, 2025, via U.S. mail, publication in print media, and postings on the company's website. The company disclosed the breach to multiple state attorney general offices and the U.S. Department of Health and Human Services.

Lockton's Response

Following the data breach, Lockton implemented several measures designed to enhance the security of its systems and data. To support affected individuals, Lockton is offering complimentary 24-month memberships to Experian IdentityWorks, an identity protection service. This service provides identity theft detection, credit monitoring, identity restoration support, and up to $1 million in identity theft insurance. Affected consumers must enroll by June 30, 2025, to take advantage of this offer.

Lockton encourages individuals impacted by this breach to take proactive steps to protect their personal information. Consumers should closely monitor their credit reports and financial account statements for unauthorized activity. Individuals can request free annual credit reports from the three major credit bureaus (Equifax, Experian, and TransUnion) at AnnualCreditReport.com.

Additionally, consumers may consider placing a security freeze or fraud alert on their credit files to prevent new accounts from being opened in their names without consent. For detailed information on how to place a security freeze or fraud alert, affected individuals can refer to Lockton's official notice, available in PDF format at the bottom of this article.

For further assistance or questions about this data breach, consumers can contact Lockton's dedicated support line provided in their notification letters.

About Southeast Series of Lockton Companies

Southeast Series of Lockton Companies, LLC is a regional division of Lockton Companies, a global insurance brokerage and risk management firm. Founded in 1966 by Jack Lockton and headquartered in Kansas City, Missouri, Lockton Companies is the world's largest privately held insurance brokerage firm. The company operates over 130 offices worldwide, serves clients in more than 140 countries, and employs over 10,750 associates globally. In fiscal year 2023, Lockton Companies generated global revenues of $3.1 billion.

The Southeast Series division specifically serves clients in the southeastern United States, with offices in cities such as Atlanta, Charlotte, Birmingham, and Tampa.

Additional Information and Resources

For more details about this breach, consumers can review official disclosures filed with various state attorney general offices and the U.S. Department of Health and Human Services: