Cyber Incident Victim: Beacon Mutual Insurance Co.
Date:
Jan 2026
Location:
United States of America
Summary
Beacon Mutual Insurance Co. detected suspicious activity on its network, promptly disconnected affected systems, and engaged external cybersecurity experts to conduct a forensic investigation while working to restore operations. The ransomware group INC Ransom claimed responsibility, alleging that approximately 275 GB of internal files—including personally identifiable information of employees, claimants and insured workers, financial records, correspondence and detailed workers’ compensation claims data—had been exfiltrated. A company spokesperson confirmed the ransomware nature of the incident but could not verify the attacker’s identity or the specific data compromised, noting that the firm had notified the FBI and was cooperating with the investigation. The insurer stated it is analyzing the potential scope of the breach and will notify individuals if personal information is found to have been accessed. Headquartered in Warwick, Beacon Mutual provides workers’ compensation coverage in Rhode Island, Massachusetts and Connecticut and maintains an information‑security program aligned with industry standards.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 14, 2026, Beacon Mutual Insurance Co. received an alert regarding suspicious activity on its network. In response, the company disconnected certain systems to prevent further spread. Beacon Mutual launched a forensic investigation with external cybersecurity experts. By January 20, 2026, the insurer reported that operations had been restored. A spokesperson confirmed that the incident was a ransomware attack. The spokesperson said the company could not confirm the attacker’s identity or the specific information that may have been affected at that time. Beacon Mutual contacted the Federal Bureau of Investigation and stated it would cooperate in their investigation. The company said it is working with experts to analyze the potential data involved in the incident. If the investigation finds unauthorized access to or acquisition of personal information, Beacon Mutual said it will notify the individuals whose information was involved.
The ransomware tracking site Ransomware.Live posted information indicating that the threat group INC Ransom claimed responsibility for the attack. A leaked screenshot shared on the site asserted that the breach affected 275 GB of uncompressed/internal files and confidential information. The claimed data included personally identifiable information of employees, claimants, and insured workers. It also encompassed internal financial statements, correspondence, and operational content. Additionally, the screenshot referenced detailed workers’ compensation claims data and medical records. Beacon Mutual’s spokesperson noted that the company could not verify the accuracy of the claimed scope or the attacker’s identity.
Beacon Mutual emphasized that it maintains a comprehensive information security program aligned with recognized industry standards. The insurer said it regularly reviews and updates its safety measures as part of an ongoing risk management process. The company observed that, like all organizations, it operates within a dynamic threat environment where security risks may arise despite appropriate safeguards. Beacon Mutual is headquartered in Warwick, Rhode Island, and is the primary provider of workers’ compensation insurance in the state, also writing policies in Massachusetts and Connecticut. In 2024, the company generated more than $118 million in revenue and employed approximately 100 people.