STRATeBEN Data Breach Exposes Social Security Numbers and Dates of Birth

Insurance data breach illustration
Breach Discovery: 3rd December 2025Breach Notification: 26th March 2026

What Happened in the STRATeBEN Data Breach?

STRATeBEN, an employee benefits consulting and technology firm based in Bethesda, Maryland, has disclosed a data breach affecting members of group health plans it helps manage. The company discovered the breach on Dec. 3, 2025. As a result, STRATeBEN launched an investigation to determine what happened and who was affected.

According to the notification, the STRATeBEN data breach began with a phishing attack that compromised an employee’s Microsoft 365 email account. Because the attacker gained access to this account, they were able to view its contents over an extended period. The unauthorized party accessed the account intermittently between Aug. 14, 2025, and Nov. 9, 2025, meaning the intrusion spanned nearly three months before it was detected.

The compromised account held files that employer clients had shared with STRATeBEN to help manage their employee benefit plans. After discovering the breach, STRATeBEN conducted a thorough review of these files. On March 18, 2026, the company confirmed that some of the files contained personal information belonging to health plan members. This confirmation came more than three months after the initial discovery, reflecting the time needed for a careful forensic review.

Who was affected?

The STRATeBEN data breach did not affect STRATeBEN’s own employees. Instead, it affected current and former members of group health plans managed by employers that use STRATeBEN’s consulting and technology services. This means the affected individuals are likely employees, dependents, or retirees connected to businesses that rely on STRATeBEN for benefits administration.

The total number of individuals affected nationwide has not been publicly disclosed. However, regulatory filings show at least four Massachusetts residents were affected, and STRATeBEN also notified the Vermont attorney general. Because STRATeBEN provides services to multiple employer clients, the true scope of affected individuals across the country could be significantly larger than what state filings reveal.

What Information Was Potentially Exposed?

The personal information exposed in the STRATeBEN breach is considered highly sensitive. Since the compromised files were tied to health plan administration, they likely contained data used for enrollment, claims, or eligibility verification. The following categories of information were confirmed as exposed:

  • Full names
  • Social Security numbers
  • Dates of birth

This combination of data is particularly valuable to criminals. For example, a Social Security number paired with a full name and birth date gives fraudsters nearly everything needed to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. As a result, affected individuals face a heightened risk of identity theft that could persist for years.

In addition to financial fraud, this type of exposure can lead to medical identity theft or fraudulent insurance claims, given the health plan context of the breach. Because the stolen data doesn’t expire or change like a password, affected individuals should remain vigilant for suspicious activity well into the future, not just in the weeks immediately following notification.

What is the company doing?

After confirming the exposure, STRATeBEN began notifying affected individuals by first-class mail starting March 26, 2026. The company also reported the breach to the Massachusetts and Vermont attorneys general on the same date, fulfilling its regulatory obligations under state breach notification laws.

Given the sensitivity of the exposed information, STRATeBEN is offering one year of complimentary identity monitoring through Kroll, a global risk mitigation firm. This service includes triple-bureau credit monitoring, which alerts enrolled individuals to changes on their credit reports at Equifax, Experian, and TransUnion. Affected individuals also get unlimited access to Kroll fraud specialists who can help with fraud alerts and investigate suspicious activity.

To help answer questions, STRATeBEN set up a dedicated toll-free call center staffed Monday through Friday. This resource allows affected individuals to get direct answers about the incident and the steps they can take to protect themselves. The company has also made its enrollment process accessible through a unique membership number included in each notification letter.

What Should Affected Individuals Do?

Enroll in the Offered Identity Monitoring Services

Affected individuals should take advantage of the free identity monitoring services STRATeBEN is offering through Kroll. This service can catch early warning signs of fraud that might otherwise go unnoticed for months. Because enrollment requires a unique membership number, individuals should locate their notification letter before beginning the process.

Additionally, the fraud consultation specialists included in this service can walk affected individuals through their rights. They can also help place fraud alerts and investigate any suspicious activity discovered on a credit report. Taking advantage of this free resource costs nothing and provides valuable peace of mind.

Place a Fraud Alert or Credit Freeze

Because Social Security numbers were exposed, affected individuals should strongly consider placing a fraud alert or credit freeze with all three major credit bureaus. A credit freeze makes it significantly harder for criminals to open new accounts using stolen personal information. This step is one of the most effective ways to prevent identity theft after a breach involving Social Security numbers.

To place a freeze, individuals can contact Equifax, Experian, and TransUnion directly using the phone numbers provided in their notification letter. While a freeze may require a temporary lift when applying for new credit, this small inconvenience is a worthwhile tradeoff. In contrast, a fraud alert is easier to set up but offers a lower level of protection.

Monitor Financial Accounts and Credit Reports

Affected individuals should regularly check their bank and credit card statements for unauthorized transactions. This means reviewing statements line by line rather than skimming them quickly. Any unfamiliar charges, no matter how small, should be reported to the financial institution right away.

In addition, individuals should request free credit reports at AnnualCreditReport.com and review them for unfamiliar accounts or hard inquiries. Because identity thieves sometimes wait months before using stolen data, ongoing monitoring is more effective than a single check immediately after notification. Consistent vigilance over the coming months and years is essential.

Stay Alert for Phishing and Scam Attempts

Scammers often exploit real data breaches to trick victims into revealing even more personal information. Because of this, affected individuals should be cautious of any communication that references STRATeBEN or this breach by name. Legitimate notifications will never ask for a Social Security number or password over email or phone.

If anyone receives a suspicious message claiming to be from STRATeBEN or Kroll, they should verify it directly through the official call center number rather than clicking links or replying. This simple habit can prevent a data breach from turning into a more damaging scam. When in doubt, it’s always safer to hang up and call back using a verified number.

Report Suspicious Activity and Consider Legal Options

If any signs of identity theft or fraud appear, affected individuals should file a report with the Federal Trade Commission at IdentityTheft.gov. This creates an official record that can help resolve fraudulent accounts more quickly. Local law enforcement should also be contacted to file a police report if misuse of personal information is suspected.

Because Social Security numbers and dates of birth were exposed, some affected individuals may also want to consult a data breach attorney. An attorney can help evaluate whether legal options, including a potential class action claim, may be available. Many offer free case evaluations, so there is little downside to exploring this option.



More Information

Official Notice from Strateben

Official Notice from Mass

Official Notice from Vermont

Related Data Breaches