Lockton Data Breach Affects Tens of Thousands Across the USA

On February 5, 2025, Southeast Series of Lockton Companies, LLC ("Lockton"), a regional division of the global insurance brokerage firm Lockton Companies, discovered a significant cybersecurity incident. The breach occurred on November 20, 2024, when Lockton identified suspicious activity involving unauthorized access to a single employee's computer and account within their internal network.

Upon discovering the breach, Lockton immediately launched an investigation, bringing in third-party cybersecurity specialists and notifying law enforcement authorities. The investigation revealed that an unauthorized individual gained access to sensitive files stored on the compromised computer. Lockton conducted a thorough review of the accessed files and determined that these files contained personal information belonging to clients and consumers.

The types of consumer information exposed in this breach include names, addresses, social security numbers, medical information, and dates of birth.

Lockton has reported the breach to multiple state Attorney General offices and federal authorities, providing detailed disclosures in accordance with state and federal regulations.

Lockton disclosed the breach to the U.S. Department of Health and Human Services on February 28, 2025. Additionally, the breach was reported to the Attorney General offices of Massachusetts on February 28, 2025, Maine on March 9, 2025, South Carolina on March 20, 2025, California on March 21, 2025, Vermont on March 21, 2025, and Texas on March 24, 2025.

Lockton's Response

In response to the incident, Lockton has implemented numerous measures aimed at strengthening the security of its systems and data. To assist affected individuals, Lockton is offering complimentary access to Experian IdentityWorks for 24 months. This service provides identity protection and monitoring to help detect and resolve potential misuse of personal information. Enrollment in Experian IdentityWorks is available until June 30, 2025, and will not impact users' credit scores.

Lockton has notified affected consumers directly by mail on March 7, 2025, and has also provided notice through publication in print media and postings on the company's website. The company encourages affected individuals to closely monitor their financial statements, credit reports, and health insurance statements for any suspicious activity or unauthorized transactions.

If you believe you have been affected by this breach, Lockton advises you to enroll in the free Experian IdentityWorks service promptly. For more information about the breach and how to enroll in the identity protection service, please refer to the official notice provided by Lockton, available in PDF format at the bottom of this article.