Strauss Borrelli PLLC, a leading data breach law firm, is investigating the Workers’ Compensation Insurance Rating Bureau of California (“WCIRB California”) regarding its recent data breach. The WCIRB California data breach may have involved sensitive personal identifiable information belonging to an undetermined number of individuals.
ABOUT THE WORKERS’ COMPENSATION INSURANCE RATING BUREAU OF CALIFORNIA:
WCIRB California is a workers’ compensation insurance association based in California. Founded in 1915, WCIRB California is comprised of all companies licensed to transact workers’ compensation insurance in California and develops proposed advisory pure premium rates for submission to the California Insurance Commissioner, as well as administering the Commissioner’s workers’ compensation regulations.3,4 Additionally, WCIRB California provides a range of tools and services for member insurers, agents, brokers, and other workers’ compensation industry professionals, including workers’ compensation data portals, test audits and inspections, employer resources, and more.5 Headquartered in San Francisco, California, WCIRB California employs over 50 individuals and has a membership of over 400 companies.3,4
WHAT HAPPENED?
Recently, WCIRB California reported to the Attorney General of California that it had experienced a data breach in which sensitive personal identifiable information in its care may have been compromised. According to the breach notice, on or about July 9, 2025, WCIRB California detected a network security incident in which an unauthorized entity accessed one of WCIRB California’s third-party systems, Box.com.1 As a result, WCIRB California launched an investigation to determine the nature of the incident.
Through its investigation, WCIRB California confirmed that the sensitive personal information related to the third-party system may have been accessed and/or acquired by an unauthorized third party during the breach.1 As a result, WCIRB California began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. As October 16, 2025, the type of information impacted in the breach has not been made publicly available by WCIRB California.¹ However, according to California state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license number, California identification card number, tax identification number, passport number, military identification number, or other unique identification number issued on a government document
- Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account
- Medical information
- Health insurance information
- Unique biometric data such as a fingerprint, retina, or iris image, used to authenticate a specific individual
- Information or data collected through the use or operation of an automated license plate recognition system
- Genetic data
As result of the breach, WCIRB California began mailing data breach notification letters to impacted individuals. Based on the breach notice being sent to California residents, WCIRB California is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services.1 A link to the breach notification letters that WCIRB California filed with the Attorney General of California is below.
If you received a breach notification letter from the Workers’ Compensation Insurance Rating Bureau of California:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
