Beacon Mutual hit in ransomware attack, at least 130k victims

The Rhode Island based insurance company is notifying people of a ransomware attack that has impacted over 131,000 people in Rhode Island.

What happened

Beacon Mutual, an insurance company specializing in worker’s compensation and providing services to Rhode Island state employees, has announced on their website that they recently faced a data breach.

According to the website notice, Beacon Mutual first learned of malicious activity in their network on January 14th, 2026, although their report to the Maine Attorney General says the incident was discovered on May 1st. According to local news reports, the incident impacted over 131,000 individuals in Rhode Island alone, while reports to the Maine Attorney General note that at least 600 individuals in Maine were impacted. As the data continues to be collected, the full scale of the breach will become more clear.

Going deeper

According to the web notice, a malicious actor infiltrated the network between January 7th and January 14th, acquiring copies of certain files. For impacted individuals, the data included full names, Social Security numbers, driver’s license numbers, financial account numbers, health insurance information, and or/medical treatment information. Letters were mailed out to victims beginning May 18th.

Beacon Mutual’s Assistant Vice President of Marketing and Communications, Michelle Pelletier, wrote, “This was a ransomware attack. We proactively isolated certain systems to contain the threat.”

The big picture

Beacon Mutual is used by the state to process numerous transactions per year, leading the state of Rhode Island to have paid Beacon Mutual approximately $90 million over the last four years. Karen Greco, the spokeswoman for the Rhode Island Department of Administration, noted that the incident impacted approximately 4,500 current and former state employees, but the state’s systems remain secure. A class action suit has been filed in the Rhode Island Superior Court, arguing that Beacon Mutual failed to implement adequate security measures and affected customers will face “a lifelong heightened risk of identity theft and financial fraud.” The risk of fraud and identity theft is real, as a Paubox report found that sensitive information, like Social Security numbers, clinical records, and financial details in particular can make someone more vulnerable to theft or fraud.

FAQs

Is it possible that the attack on Beacon Mutual would impact other systems, like the state of Rhode Island?

While the State of Rhode Island has clarified that they were not part of the attack, it is generally possible to have systems and networks connected in a way that allows an attack to spread. This is generally the case with business associates, where one business associate is attacked and their clients also become victimized.

Does it matter that the incident was a ransomware attack?

Ransomware attacks may be treated differently than other attacks. For one, ransomware threat actors will try to negotiate with victimized organizations to return the information. Ransomware groups may also encrypt data, making it difficult for organizations to maintain normal operations, although Beacon Mutual has not needed to pause operations at this time. For victims, both a ransomware attack or a general cyberattack could lead to their data being vulnerable on the dark web.

Why would there be conflicting information on when the breach was discovered?

It’s unclear why Beacon said the breach was discovered in January on their website but in May in their report to the Attorney General of Maine. Beacon may have done this to have met timeline requirements for Maine, which requires the Attorney General is notified within 60 days of the attack.