Industry - Data Breach
Executive Summary
A January ransomware attack on Beacon Mutual Insurance, Rhode Island's workers' compensation administrator, exposed personal information of approximately 132,000 Rhode Islanders, including about 4,500 current and former state employees. The breach affected around 162,000 people total across multiple states, though Beacon confirmed that compromised systems did not connect to state networks. The company disclosed the incident to Rhode Island's Attorney General in May and is directly notifying a...
What Happened
In January 2026, Beacon Mutual Insurance, a Rhode Island-based workers' compensation administrator, experienced a ransomware attack that compromised personal information of approximately 162,000 individuals across multiple states. About 132,000 of those affected were Rhode Island residents, including roughly 4,500 current and former state employees. Beacon disclosed the incident to the Rhode Island Attorney General's office in May and began directly notifying affected individuals in mid-May.
Who Is Affected
Approximately 162,000 people total were affected, including 132,000 Rhode Island residents and individuals in Connecticut, Washington D.C., Maryland, Massachusetts, New York, North Carolina, and West Virginia. The compromised data included personal identifiable information of current and former employees whose employers held workers' compensation policies with Beacon Mutual. The breach did not affect Rhode Island state government networks themselves, as the compromised Beacon systems did not connect to state systems.
Why It Matters
This incident demonstrates the vulnerability of third-party vendors that handle sensitive employee data for government agencies and private employers, particularly entities serving as insurers of last resort for high-risk businesses. The four-month gap between the January attack and the May disclosure raises questions about notification timelines, though the disclosure appears to comply with state legal requirements. The breach affects a significant portion of Rhode Island's population, underscoring how concentration of insurance services in a single administrator creates systemic privacy risks.
What You Should Do
If you are a current or former employee of a Rhode Island state agency or a company that used Beacon Mutual for workers' compensation insurance, watch for direct notification letters from Beacon that should explain what specific information was compromised. Monitor your financial accounts and credit reports for unauthorized activity, and consider placing a fraud alert or credit freeze with the major credit bureaus. Keep records of any communications from Beacon regarding remediation services they may offer, such as credit monitoring.
Summary generated from verified sources and reviewed before publication. How we summarize.