Risk Strategies Data Breach Exposes Social Security Numbers and Medical Records

Insurance data breach illustration
Breach Discovery: 16th January 2026Breach Notification: 23rd June 2026

What Happened in the Risk Strategies Data Breach?

Risk Strategies, officially known as RSC Insurance Brokerage Inc., recently disclosed a data breach that compromised sensitive personal and medical information. The Risk Strategies data breach involved unauthorized access to an employee’s Microsoft 365 email account. As a result, an unknown party may have viewed or taken files containing personal data belonging to thousands of individuals.

According to the company, the unauthorized access occurred between January 15, 2026, and January 16, 2026. During this window, an intruder gained entry into the employee’s email account and its stored files. Because email accounts often hold years of sensitive attachments, this type of intrusion can expose a wide range of personal records.

After discovering the suspicious activity, Risk Strategies launched an investigation into the affected files. This review took several months to complete, wrapping up on June 1, 2026. The investigation ultimately confirmed that the compromised files contained names, Social Security numbers, and medical records tied to specific individuals, prompting the company to begin the notification process.

Who was affected?

The Risk Strategies data breach affected individuals whose personal information was stored within the compromised employee email account. Because Risk Strategies operates as an insurance brokerage, this may include clients, policyholders, or others whose data passed through the company’s systems for insurance-related purposes.

In total, 15,055 individuals nationwide were affected by this incident. Regulatory filings show that at least 76 Nebraska residents and 47 Massachusetts residents were among those impacted. Since notification letters have gone out to a wide geographic pool, the breach clearly extended beyond a single state or region.

What Information Was Potentially Exposed?

The investigation confirmed that specific categories of sensitive personal data were present in the compromised files. This combination of information is particularly concerning because it includes both identity-related and health-related details.

  • Full names
  • Social Security numbers
  • Medical records

With this data exposed, affected individuals face a heightened risk of identity theft. Criminals can use Social Security numbers to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. Because this type of fraud can take months to detect, victims often face a long cleanup process.

In addition, the exposure of medical records raises the risk of medical identity theft. Someone could use stolen health information to obtain prescriptions, medical services, or insurance benefits fraudulently. This can also lead to inaccurate information appearing in a victim’s own medical history, which may complicate future care.

What is the company doing?

After confirming the scope of the incident, Risk Strategies took steps to respond and notify those affected. The company began mailing notification letters to impacted individuals on June 23, 2026. These letters explain the nature of the breach and outline steps recipients can take to protect themselves.

As part of its response, Risk Strategies is offering a complimentary 24-month membership to credit monitoring services through Epiq. The service, called Privacy Solutions ID 3B Credit Monitoring, can be activated online. Each affected individual received a unique activation code and an enrollment deadline within their letter, so timely action matters.

For further support, Risk Strategies set up a dedicated phone line for questions about the incident. Individuals can also contact a separate number specifically for help with the Epiq enrollment process. This dual-support structure suggests the company anticipated a high volume of questions from affected individuals.

What Should Affected Individuals Do?

Enroll in the Free Credit Monitoring Offered

Anyone who received a notification letter should activate the complimentary credit monitoring as soon as possible. Because enrollment requires a unique code and has a deadline, delaying this step could mean missing out on free protection entirely.

This monitoring service can alert you to new accounts or suspicious inquiries tied to your Social Security number. As a result, you may catch fraudulent activity far earlier than you would on your own. Given that this protection is free, there is little reason not to take advantage of it.

Consider a Fraud Alert or Credit Freeze

Because Social Security numbers were exposed, affected individuals should strongly consider placing a fraud alert or credit freeze with the three major credit bureaus. A fraud alert requires lenders to verify your identity before opening new credit in your name. A credit freeze goes further by blocking access to your credit report entirely.

Both options are free to set up and can prevent identity thieves from opening fraudulent accounts. However, a credit freeze must be lifted temporarily if you apply for new credit yourself. For this reason, many experts recommend a freeze for anyone facing a serious data exposure like this one.

Protect Yourself Against Medical Identity Theft

Since medical records were part of this breach, affected individuals should review their health insurance statements closely. Look for services, prescriptions, or claims you don’t recognize, as these could signal medical identity theft.

If you spot anything unusual, contact your health insurance provider immediately to dispute the charges. In addition, request a copy of your medical records periodically to check for inaccuracies caused by fraudulent use of your information. Catching these issues early can prevent long-term complications with your health records and insurance coverage.

Stay Alert for Phishing Attempts

Following any data breach, scammers often use stolen information to craft convincing phishing emails or phone calls. Because your name and other personal details are now exposed, be cautious of messages claiming to be from Risk Strategies, Epiq, or credit bureaus.

Never click links or share personal information in response to unsolicited messages. Instead, verify any communication by contacting the company directly through official phone numbers or websites. This simple habit can prevent scammers from tricking you into revealing even more sensitive data.

Monitor Your Credit Reports Regularly

Beyond the free monitoring service, affected individuals should check their credit reports from all three bureaus on an ongoing basis. Federal law entitles you to a free credit report from each bureau every year, which you can access through official government-authorized channels.

Reviewing these reports helps you catch unauthorized accounts or hard inquiries you didn’t request. If you notice anything suspicious, report it to the credit bureau and consider consulting a data breach attorney for a free case evaluation. An attorney can help you understand your legal options and whether you qualify for compensation.



More Information

Risk Strategies

total number of 15,055 individuals were affected

76 Nebraska residents

47 Massachusetts residents

privacysolutionsid.com

Related Data Breaches