Starr Insurance discloses data breach following cyberattack claimed by Akira ransomware group

Starr Insurance, an independent insurance agency based in Chambersburg, Pennsylvania, has disclosed a data breach after hackers gained unauthorized access to portions of its computer network and copied sensitive files containing personal, financial, and health-related information.

The company detected suspicious activity within its systems on Nov. 18, 2025, and launched an investigation with assistance from third-party cybersecurity specialists. The investigation determined that an unauthorized actor accessed and copied files from Starr Insurance’s network on Nov. 28, 2025.

A review of the compromised files confirmed exposure of a broad range of sensitive information. Depending on the individual, the affected data may include names, addresses, Social Security numbers, driver’s license numbers, financial account information, payment card data, medical information, health insurance information, and online account access credentials.

Regulatory authorities have been notified, and the company has begun issuing notification letters to affected individuals. Starr Insurance stated that it has strengthened its data protection and cybersecurity policies following the incident.

At the time notifications were issued, the company said it had not identified any attempted or confirmed misuse of the compromised information. Starr Insurance has not publicly disclosed the number of affected individuals.

While the company did not characterize the incident as a ransomware attack, the Akira ransomware group claimed responsibility for the breach on April 1, 2026. Akira stated that it had stolen approximately 15 gigabytes of data from Starr Insurance, including employee passports, driver’s licenses, Social Security numbers, financial records, customer information, and non-disclosure agreements.

Akira is known for conducting double-extortion ransomware operations in which attackers exfiltrate sensitive data, encrypt victim systems, and demand payment in exchange for decryption tools and promises not to publish stolen information. The group later listed the allegedly stolen Starr Insurance data for download, indicating that a ransom demand may not have been paid.

Notification materials issued by Starr Insurance do not appear to include offers for complimentary credit monitoring or identity theft protection services for affected individuals.