NAHGA Claims Services Reports Data Breach Affecting Over 180,000 People

NAHGA Claims Services, a third-party claims administrator, reported that a data security incident earlier this year exposed the sensitive personal information of more than 180,000 individuals.

 

NAHGA Claim Services (National Accident Health General Agency) is a third-party administrator specialising in secondary accident and health insurance claims for schools, sports leagues, camps, and youth organisations, offering tech-driven claims management with dedicated adjuster support and 24/7 online claim tracking for fast, transparent resolution.

 

In a data security incident notice filed with the Office of Maine Attorney General, NAHGA said that on April 10, it identified unauthorised access within its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected systems including taking them offline and notified relevant law enforcement authorities about the same.

 

“The investigation determined that certain files may have been acquired without authorisation between April 8, 2025 and April 11, 2025. As a result, we conducted a review of the potentially affected files and, in October 2025, learned that some of your information was contained within the potentially affected data,” NAHGA said.

 

The compromised data included names, and other personal identifiers including Social Security numbers.NAHGA initially told Maine state regulators that 5,072 individuals were impacted by the incident. However, a later filing significantly increased that number, with the third-party claims administrator reporting that at least 181,160 individuals were affected.

 

“As soon as NAHGA discovered the incident, we took the steps described above and implemented measures to enhance security and minimise the risk of a similar incident occurring in the future,” the company added.

 

The third-party claims administrator has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on NAHGA. The company also did not share details on who was behind the attack, how much data was compromised, or whether it had received a ransom demand.