Daniel H Cook Associates Data Breach Exposes Personal and Health Information

Insurance data breach illustration
Breach Discovery: 17th October 2025Breach Notification: 16th January 2026

What Happened in the Daniel H Cook Associates Data Breach?

Daniel H Cook Associates, a New York-based third-party administrator that processes employee benefits claims, has confirmed a data breach affecting thousands of people. The company disclosed that a network disruption led to unauthorized access to its systems. As a result, sensitive personal information stored on its network may have been exposed.

According to the breach notification, the unauthorized access occurred on or about Oct. 17, 2025. Once the disruption was detected, Daniel H Cook Associates launched an investigation right away. The company also brought in outside cybersecurity experts to determine exactly what happened and what data may have been affected.

The investigation involved a thorough review of the affected files. This review confirmed that certain files had been accessed or acquired without authorization. As a result, the company determined that personal information belonging to some individuals was present in the compromised data. Because claims administrators handle sensitive benefits information, this discovery triggered a formal notification process.

Following the completion of its internal review, Daniel H Cook Associates began notifying regulators and affected individuals. The company filed notices with several state attorneys general, including Indiana, Massachusetts, Maine, New Hampshire, and Vermont. This multi-state notification suggests the breach reached individuals across a wide geographic area in the United States.

Who was affected?

The breach affects individuals whose personal information passed through Daniel H Cook Associates as part of employee benefits claims processing. Because the company works as a third-party administrator, those affected may include employees, dependents, and beneficiaries connected to benefit plans the company managed on behalf of employers.

Daniel H Cook Associates has confirmed that 36,663 people in the United States were affected. This total includes 100 residents of Massachusetts, 15 residents of New Hampshire, and 2 residents of Maine. Additional individuals were affected in Vermont and Indiana, though the source does not break down specific counts for those states.

Because the breach relates to benefits claims data, it likely includes information tied to healthcare or workplace benefits. However, the exact roles of affected individuals, such as whether they are policyholders, employees, or dependents, have not been publicly disclosed in detail.

What Information Was Potentially Exposed?

The specific data elements exposed can vary from person to person. However, because Daniel H Cook Associates processes employee benefits claims, the type of information typically involved in this kind of breach can be highly sensitive.

  • Full names
  • Social Security numbers
  • Financial account information
  • Health-related or medical claims information
  • Other personal identifiers tied to benefits administration

When Social Security numbers and financial details are exposed, the risk of identity theft rises significantly. Criminals can use this information to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. As a result, affected individuals may face financial disruption long after the breach itself occurred.

In addition, when health-related claims information is involved, the risk extends beyond financial fraud. Medical identity theft can lead to fraudulent insurance claims or inaccurate medical records. This means victims could face billing disputes or complications with their own future healthcare coverage as a result of someone else misusing their information.

What is the company doing?

Once Daniel H Cook Associates confirmed the breach, the company took immediate steps to address it. It engaged cybersecurity professionals to investigate the incident thoroughly and determine the scope of the unauthorized access. This helped the company identify which individuals were affected before sending out notifications.

In response, Daniel H Cook Associates began notifying regulators and impacted individuals starting Jan. 16, 2026. Notification letters were sent via USPS First-Class Mail to all affected individuals. The company also filed formal notices with the attorneys general of Indiana, Massachusetts, Maine, New Hampshire, and Vermont.

As part of its response, Daniel H Cook Associates is offering 12 months of complimentary credit monitoring and identity protection services through Epiq Privacy Solutions ID. These services include single-bureau credit monitoring, Social Security number and dark web monitoring, identity restoration assistance, lost wallet assistance, and a $1 million identity theft insurance policy.

Additionally, the company set up a toll-free call center through IDX to answer questions and provide ongoing support to affected individuals. This resource allows people to ask specific questions about their exposure and learn more about the protective services available to them.

What Should Affected Individuals Do?

Monitor Your Credit Reports Closely

Affected individuals should review their credit reports regularly for unfamiliar activity. Look for new accounts, unexpected credit inquiries, or unfamiliar charges that could indicate fraud. Because identity thieves often act quickly, early detection can limit financial damage.

You can request a free credit report from each of the three major credit bureaus once a year. Reviewing these reports on a staggered schedule throughout the year can help you catch suspicious activity sooner. If you notice anything unusual, report it immediately to the credit bureau and consider contacting a data breach attorney for guidance.

Consider a Fraud Alert or Credit Freeze

Because Social Security numbers and financial data may have been exposed, placing a fraud alert or credit freeze is a smart precaution. A fraud alert requires creditors to verify your identity before opening new accounts. A credit freeze goes further by restricting access to your credit file entirely.

To place either protection, contact one of the three major credit bureaus, which will then notify the others. This step is especially important for anyone whose Social Security number may have been included in the exposed data. As a result, taking this action can prevent identity thieves from opening accounts in your name.

Enroll in the Free Identity Protection Services

Daniel H Cook Associates is offering 12 months of credit monitoring and identity protection through Epiq Privacy Solutions ID at no cost. This service includes dark web monitoring, identity restoration help, and a $1 million identity theft insurance policy. Because this service is free, affected individuals should take advantage of it as soon as possible.

To enroll, follow the instructions provided in your notification letter. If you did not receive a letter but believe you may be affected, you can contact the toll-free call center set up through IDX. This center can confirm your status and help you enroll in the available protections.

Watch for Phishing Attempts

After a data breach, scammers often use exposed information to craft convincing phishing emails, texts, or phone calls. These messages may pretend to be from Daniel H Cook Associates, a credit bureau, or a government agency. Because these scams can look legitimate, it’s important to stay alert.

Never click on links or share personal information in response to unsolicited messages. Instead, verify any communication directly through official channels, such as a company’s verified phone number or website. If something feels off, trust your instincts and avoid responding until you’ve confirmed its legitimacy.

Understand Your Legal Options

If your personal or health information was exposed in this breach, you may have legal options available to you. Some affected individuals pursue compensation through data breach litigation, especially when sensitive data like Social Security numbers or medical information is involved. A data breach attorney can review your situation and explain what options may apply.

Because deadlines for filing claims can vary by state, it’s a good idea to act sooner rather than later. Many attorneys offer free consultations to help you understand your rights. This means there’s little risk in exploring whether you qualify for compensation related to this breach.



More Information

Official Notice from Dhcook

Official Data Breach Notification Letter (PDF)

Official Notice from Mass

Official Notice from Maine

Official Data Breach Notification Letter (PDF)

Official Data Breach Notification Letter (PDF)

Related Data Breaches