A data breach four months ago has Warwick-based Beacon Mutual Insurance notifying people whose personal information was compromised in the incident.
A message on the company website states more than 131,000 people in Rhode Island are impacted.
NBC 10 News has learned the number includes thousands of state workers.
Files that were hacked included Social Security numbers, financial account numbers, and health information, according to the company.
According to the message on its website, and a letter shown to NBC 10 News, Beacon Mutual began mailing letters on May 18.
The breach has prompted a class action lawsuit filed by a state worker Friday.
Beacon Mutual specializes in workers’ compensation insurance and provides the service to Rhode Island state employees.
“Beacon Mutual completed an investigation of unauthorized activity on our computer network. Upon learning of the activity on January 14, 2026, Beacon Mutual took action to contain it, began an investigation, and reported the incident to law enforcement. The investigation determined that an unauthorized person gained access to some of Beacon Mutual’s systems between January 7 and January 14, 2026, and acquired copies of certain files,” the message on the Beacon Mutual web site reads.
“We provided notice as soon as possible upon determining the personal information that was involved and identifying addresses for those individuals,” Beacon Mutual Assistant Vice President of Marketing & Communications Michelle Pelletier wrote in response to NBC 10’s questions Friday.
“This was a ransomware attack. We proactively isolated certain systems to contain the threat,” Pelletier wrote.
The new message on the company site states, “Beacon Mutual then undertook a comprehensive and time-intensive review of the involved files and determined that one or more of those files contained the first name or first initial and last name along with one or more of: Social Security number, driver’s license number, financial account number, health insurance information and/or medical treatment information.”
“We regret any inconvenience this matter may cause and appreciate the patience and understanding of our policyholders, partners, and other stakeholders. Beacon Mutual has taken, and will continue to take, steps to enhance the security of our computer network to prevent something like this from happening in the future,” the message reads.
“For individuals whose information was involved in the incident, Beacon Mutual recommends that they review their credit reports and financial account statements for any unauthorized activity,” Pelletier wrote to NBC 10.
Beacon Mutual has established a tollfree call center at 833-918-8448.
State of Rhode Island records show the state has paid Beacon Mutual about $90 million over the last four years, as it processes hundreds of transactions per year.
Rhode Island Department of Administration spokeswoman Karen Greco wrote in a statement to NBC 10, “Beacon Mutual, the State’s Workers’ Compensation insurance provider, informed the State of Rhode Island that they experienced a data breach in January that potentially exposed personal identifiable information (PII) that belonged to approximately 4,500 current and former state employees. The compromised Beacon Mutual system does not connect to a State of Rhode Island network and at no time were the State’s systems at risk. Beacon Mutual has informed us that they are directly notifying any affected individuals.”
A class action lawsuit, filed by attorney Peter Wasylyk on behalf of state worker Aria DiMeo, seeks lifetime credit monitoring and damages for those impacted by the breach.
“Despite learning of the Data Breach on or about January 14, 2026, and determining that Private Information was involved in the breach, Defendant did not begin sending notices of the Data Breach (the “Notice of Data Breach Letter”) until on or about May 18, 2026 — more than four months later,” the lawsuit states.
“The Data Breach was a direct result of Defendant’s failure to implement adequate and reasonable cyber-security procedures and protocols,” Wasylyk alleges in the lawsuit. “Identities are now at substantial and imminent risk because of Defendant’s negligent conduct since the Private Information that Defendant collected and maintained (including Social Security numbers) is now in the hands of data thieves.”
Wasylyk wrote in a statement to NBC 10, “Data breaches involving companies, especially operating in industries such as insurance and healthcare, such as The Beacon Mutual Insurance Company, which are entrusted with extraordinarily sensitive medical and financial information, can create long-term consequences for data breach victims, including financial harm, privacy violations, and emotional distress. This lawsuit is about accountability and making sure the data breach victims receive meaningful protections.”
Click Here For The Original Source.
