Oxford Life Insurance Company Confirms Hacker Accessed Financial Data this February

• Oxford Life Insurance Co. confirmed that it suffered a data breach in February this year
• The hacker gained access to their external systems storing PII, driver’s license, and financial data
• The incident was discovered on April 18, 2025, and disclosed publicly on May 13

The Insurance company Oxford Life Insurance suffered a data breach, which they disclosed on May 13, 2025. In formal disclosures to the Maine Attorney General and the Massachusetts Attorney General the next day, the company confirmed that its external systems were hacked.

The stolen data includes names, Social Security numbers, driver’s license numbers, personally identifiable information (PII), and financial information. The Oxford Life Insurance data breach occurred on February 20, 2025; however, they discovered it two months later on April 18, 2025. 

A total of 30 individuals in Maine and 300 in Massachusetts were found to be impacted by the data breach. The company notified the affected individuals on May 13. A claim depot report noted that the investigators did not find any evidence to prove that Protected Health Information (PHI) was also accessed by any third party.

There haven’t been any announcements on the dark web taking credit for the Oxford Life Insurance cyber attack. Nor did the company disclose any further information about the initial access or other details in its disclosure. 

The company offered identity theft protection services to affected customers, including free credit monitoring for a year.

In another incident, the Medicare insurance agency MedicareCompareUSA announced having suffered a data breach. The public disclosure was made on May 12, 2025, about the cybercrime that they discovered in November 2024.

A presently unidentified hacker gained access to the systems of MedicareCompareUSA on November 5, and they continued exploiting until November 21, 2024.

The growing threat to the financial services industry has become a huge cause of concern, especially among victims of identity theft. 

According to research by the Identity Theft Resource Center (ITRC), 1,350,835,988 data breaches were reported in 2024. Among those were the financial services industry, which remained the most targeted, evidently due to the amount of sensitive financial data that could be exploited, keeping the threat actors’ motives in mind.