Goosehead Insurance hit by ransomware attack exposing customer data

Goosehead Insurance Agency, LLC, based in Texas, reports a ransomware attack that compromised customer information of customers across the United States. 

The company discovered on March 13, 2025, that files within its systems, servers, and workstations had been encrypted. The investigation confirmed that attackers downloaded sensitive consumer data before deploying ransomware to encrypt files.

The attack was claimed by a ransomware group known as CHAOS. On March 31, 2025, the ransomware gang listed Goosehead on their dark web leak site claiming to have stolen 300 gigabytes of data. The exposed data types and number of affected individuals is not disclosed. 

Goosehead began mailing data breach notification letters to affected individuals on October 10, 2025. It's not clear whether the company will offer complimentary credit monitoring.