Beacon Mutual Insurance Company, based in Warwick, RI and serving Rhode Island with operations in MA and CT, suffered a major data leak attributed to threat actor incransom, exposing approximately 275 GB of internal data. The leaked archive includes internal corporate documents, complete financial statements (2018β2025), full employee lists with personal details, confidential agreements, NDAs, vendor contracts, detailed workersβ compensation claims data, and PII of employees and claimants #UnitedStates
Incident Details
- Victim: Beacon Mutual Insurance
- Sector: Financial Services
- Country: US
- Actor: incransom
- Source: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/697bc5858f1d14b743094982
- Discovered: 2026-01-31 00:31:54.015144
- Published: 2026-01-31 00:00:00.000000
Information
- Beacon Mutual Insurance Company (Warwick, RI) β primary workersβ compensation insurer for Rhode Island businesses; also operates in MA & CT
- MAJOR DATA LEAK: approximately 275 GB (296,228,795,086 bytes) of highly sensitive internal data exposed
- Leaked archive contains ~275 GB of uncompressed/internal files
- Internal corporate documents and correspondence exposed
- Complete financial statements and reports (2018β2025) included
- Full employee list with personal details exposed
- Confidential agreements, NDAs, vendor contracts, and partnership documents included
- Detailed claims data: workersβ compensation payouts, injury reports, and medical records tied to claims
- Client/policyholder database exposed: business information, insurance policies, and payment history
- Personally identifiable information (PII) of individuals β names, SSNs, addresses, dates of birth, contact details, etc.
- Training materials, internal manuals, compliance and safety documentation included
- Multiple system backups and database dumps present in the leak
- β¦and much more internal operational content
Disclaimer: This post is based on public claims made by the ransomware group "incransom". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.