What happened in the OneGroup NY data breach?

OneGroup NY, a Syracuse-based risk management and insurance brokerage firm, experienced a data breach caused by unauthorized access to a company email account. The breach exposed sensitive workers' compensation information belonging to clients of MEMIC Indemnity insurance company.

When did the OneGroup NY data breach occur?

The unauthorized access occurred between May 6, 2024, and May 21, 2024. OneGroup NY detected the suspicious activity on July 29, 2024, and launched an investigation. The review was completed on February 4, 2025, and notification letters were sent starting June 6, 2025.

What type of information was compromised in the breach?

The compromised email account contained workers' compensation information and sensitive personally identifiable information associated with MEMIC Indemnity issued workers' compensation accounts. The specific details of what personal data elements were compromised have not been disclosed.

Who was affected by the OneGroup NY data breach?

The breach affected workers who had filed for workers' compensation benefits through MEMIC Indemnity. These individuals' workers' compensation information and personally identifiable information was stored in the compromised email account. The exact number of affected individuals has not been disclosed.

What is MEMIC Indemnity?

MEMIC Indemnity is an insurance company that specializes in workers' compensation coverage. Their clients' information was stored in OneGroup NY's email system and was compromised during the breach.

When were affected individuals notified about the breach?

OneGroup NY began sending data breach notification letters to all affected individuals on June 6, 2025. This was nearly a year after the breach was initially detected and about four months after the investigation was completed.

How long did the OneGroup NY breach investigation take?

The investigation took approximately eight months. OneGroup NY detected the suspicious activity on July 29, 2024, and completed their review of the compromised files on February 4, 2025.

Incident

OneGroup NY reports data breach caused by compromised email account

published: June 14, 2025

Learn More

OneGroup NY, a Syracuse-based risk management and insurance brokerage firm, is reporting a data breach that exposed sensitive workers' compensation information belonging to clients of MEMIC Indemnity. MEMIC is an insurance company specializing in workers' compensation coverage.

The breach was caused by unauthorized access to a company email account. On July 29, 2024, OneGroup NY detected suspicious activity within its email environment and launched an investigation. The investigation confirmed that an unauthorized party gained access to the contents of an employee email account between May 6, 2024, and May 21, 2024.

The compromised email account contained confidential information belonging to workers who had filed for workers' compensation benefits through MEMIC Indemnity:

Workers' compensation information
Sensitive personally identifiable information associated with MEMIC Indemnity issued workers' compensation accounts. The details of what specific personal data elements were compromised (such as names, addresses, Social Security numbers, or medical information) are not disclosed.

The number of individuals affected by this data breach is not disclosed.

The review of the compromised files was completed on February 4, 2025, nearly eight months after the initial discovery. On June 6, 2025, OneGroup NY began sending data breach notification letters to all affected individuals.

OneGroup NY reports data breach caused by compromised email account

Read More
Healthcare tech company Veradigm data breach exposed patient …
UW Health reports data breach caused by hacking …
Interactive Brokers reports data breach caused by compromised …
Singapore law firm Shook Lin & Bok reports …
Japan National Center for Incident Readiness And Strategy …