Teamsters Union 25 Health Services & Insurance Plan has disclosed a data breach affecting 19,935 members after hackers gained unauthorized access to network systems in August 2025. The Massachusetts-based health plan, which provides coverage to union members, retirees, and dependents, confirmed that attackers accessed and potentially copied sensitive personal and medical information, prompting investigations by multiple law firms and raising concerns about identity theft risks for blue-collar workers who may lack resources to handle financial fraud.
On August 1, 2025, Teamsters Union 25 Health Services & Insurance Plan detected unauthorized access to its network systems. The organization immediately secured its systems and engaged third-party cybersecurity specialists to investigate the incident. By August 18, 2025, the review confirmed that an unauthorized party had accessed files containing member information and potentially copied data from the network.
The breach exposed names, Social Security numbers, medical information, member IDs, and health insurance details of 19,935 individuals. Notification letters were mailed to affected members on September 3, 2025, more than a month after the initial discovery. According to breach notices filed with state attorneys general, 106 Rhode Island residents were among those impacted.
Union health plans serve workers who often operate on tight financial margins, making them vulnerable to identity theft consequences. The exposure of both Social Security numbers and medical information creates a dual threat, traditional financial fraud alongside medical identity theft, where criminals use stolen information to obtain healthcare services, prescription drugs, or file fraudulent insurance claims.
The month-long delay between discovery and notification increases these risks. While organizations need time to investigate breaches, delays reduce victims' ability to take protective measures.
Teamsters Union 25 HSIP is providing affected members with 12 months of complimentary Single Bureau Credit Monitoring through Cyberscout, a TransUnion company. Members must enroll within 90 days of receiving their notification letter.
Four law firms - Edelson Lechtzin LLP, Markovits Stock & DeMarco, Srourian Law Firm, and Federman & Sherwood have launched investigations seeking class representatives for potential litigation. The firms are examining whether the health plan maintained adequate cybersecurity measures and whether their breach response met obligations under HIPAA and state data protection laws.
Names, Social Security numbers, member IDs, medical information, and health insurance details of 19,935 individuals were compromised.
Enroll in the free credit monitoring within 90 days, place fraud alerts with all three credit bureaus, monitor explanation of benefits statements for unauthorized medical services, change passwords for online accounts, and consider contacting investigating law firms about potential class actions.
Yes, the breach notice includes contact information for attorneys general in New York, Washington D.C., Maryland, New Mexico, North Carolina, and Rhode Island, where residents have additional rights under state laws.