Alera Group data breach exposes customers’ sensitive information

Insurance and financial service provider Alera Group said a data security incident it suffered earlier this year compromised the sensitive personal data of its customers.

 

Headquartered in Deerfield, Illinois, Alera Group, Inc. is an independent, national insurance and financial services firm formed through the merger of multiple companies.They offer a range of services including employee benefits, property and casualty insurance, retirement plan services, and risk and wealth management.

 

In a data security incident published on its website, Alera Group said that in August 2024, it identified unauthorised access within its internal network. The insurance service provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“On April 28, 2025, Alera Group confirmed that personal information may have been removed from its network as the result of unauthorised access to the Alera Group technology environment that occurred between July 19, 2024 and August 4, 2024,” Alera Group said.

 

The compromised data included names, addresses, demographic information, dates of birth, Social Security numbers, driver’s license, financial account or credit card information, Passport details, other government-issued identification, medical information, medical record numbers, insurance or claims data, electronic/digital signature, biometric information, username and password information and more.

 

In a filing with the Office of Maine Attorney General, Alera Group said it has identified at least 10,874 individuals impacted by the incident.

 

“We have taken steps to secure our environment and completed a thorough and comprehensive investigation with the assistance of third-party cybersecurity specialists. We have implemented additional cybersecurity measures to further protect our environment,” Alera Group added.

 

The insurance service provider has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered two years of complimentary identity protection and credit monitoring services through IDX to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Alera Group. The company also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.