Sterling Seacrest Pritchard Email Breach Exposed SSNs of 7,420 People
Sterling Seacrest Pritchard, a U.S. insurance brokerage and risk management firm based in the Southeast, disclosed a breach involving its email system that exposed the personal information of 7,420 individuals. The company said unauthorized access to or exfiltration from the email environment occurred between August 12 and 13, according to breach reporting cited in filings with the Maine Attorney General's Office.
The compromised data included names and Social Security numbers, with 20 Maine residents confirmed among those affected. Sterling Seacrest Pritchard said it had not identified evidence of misuse at the time of disclosure, but it offered eligible individuals complimentary credit monitoring, fraud consultation, and identity theft restoration services, while urging affected people to closely review bank and payment account activity and report suspicious transactions quickly.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Company offers credit monitoring and identity theft support
Following the disclosure, Sterling Seacrest Pritchard offered eligible affected individuals complimentary credit monitoring, fraud consultation, and identity theft restoration services. It also advised impacted people to monitor financial account statements and report suspicious activity.
Sterling Seacrest Pritchard discloses breach affecting 7,420 people
The insurance brokerage disclosed that the email-system breach exposed the personal information of 7,420 individuals, including 20 Maine residents reported in a filing to the Maine Attorney General. The company said it had no indication the stolen data had been misused.
Unauthorized access hits Sterling Seacrest Pritchard email system
Sterling Seacrest Pritchard said its email system was compromised between August 12 and 13, resulting in unauthorized access to or exfiltration of personal and sensitive information. The exposed data included names and Social Security numbers.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
National Public Data Breach Exposed Social Security Numbers and Personal Records
National Public Data disclosed a security incident affecting a large repository of consumer background-check and people-search information, with exposed data reported to include highly sensitive personal identifiers such as **Social Security numbers**, names, mailing addresses, and other profile details. The company published a breach notice on its website, while an individual notification letter filed with the California Attorney General indicates affected residents were formally notified that their information may have been involved. The incident drew attention because the compromised records appear to involve data commonly used for identity verification and fraud, increasing the risk of **identity theft**, account takeover, and social-engineering abuse. The notification materials show the breach response included direct notice to impacted individuals and guidance on protective steps such as monitoring accounts and credit activity, underscoring the seriousness of the exposure for consumers whose records were held by the data broker.
May 26, 2026
Marquis Software breach exposed SSNs and hit Community 1st Credit Union
Community 1st Credit Union disclosed a data breach tied to **Marquis Software Solutions**, a marketing and customer-engagement vendor that reportedly serves more than 700 banks and credit unions. Reporting indicates the vendor intrusion exposed sensitive customer data held on behalf of financial institutions, with Community 1st identifying affected individuals whose information was compromised through the third-party incident rather than a direct breach of the credit union's own network. Separate breach reporting says the Marquis incident affected **more than 1.3 million people** and exposed highly sensitive personal information, including **Social Security numbers**. The disclosures highlight the scale of third-party concentration risk in the financial sector, where a compromise at a single software provider can cascade across multiple banks and credit unions and trigger customer notifications, breach filings, and potential fraud and identity-theft concerns.
May 25, 2026
Betterment Social-Engineering Breach Exposes 1.4 Million Customer Records
**Betterment** disclosed that a **social engineering** attack against a **third-party platform account** used for customer communications enabled unauthorized access to internal systems in early January, leading to the exposure of personal data tied to **1,435,174 accounts**. The intruder used the access to send **fraudulent crypto-themed promotional messages** impersonating Betterment and promising to “triple” cryptocurrency sent to attacker-controlled wallets (including **Bitcoin and Ethereum** addresses). Betterment said it revoked the unauthorized access the same day it was detected, warned customers to ignore the messages, and initiated a forensic investigation with external incident-response support. Breach analysis and indexing by **Have I Been Pwned** indicated the exposed dataset included **email addresses, names, and location data**, with reporting also citing additional PII such as **dates of birth, physical addresses, phone numbers, device information, and employment-related details**. Betterment stated there is **no evidence** that customer investment accounts were accessed or that **passwords/authentication tokens** were compromised, characterizing the incident as an exposure of contact/identity data rather than account credentials. Separate reporting noted Betterment also experienced **intermittent outages attributed to a DDoS attack and extortion attempts** around the same period, but this was described as distinct from the social-engineering-driven data exposure.
Mar 21, 2026