Strauss Borrelli PLLC, a leading data breach law firm, is investigating Cove Risk Services LLC (“Cove Risk”) regarding its recent data breach. The Cove Risk data breach involved sensitive personal information and protected health information belonging to over 49,000 individuals.
ABOUT COVE RISK SERVICES LLC:
Cove Risk is a workers’ compensation provider based in Massachusetts. Founded in 1990, Cove Risk provides a range of workers’ compensation coverage and services to business owners in Massachusetts and New Hampshire, including healthcare coverage, trade and manufacturing workers’ compensation, underwriting, and more.2,3,4 Headquartered in Braintree, Massachusetts, Cove Risk employs over 10 individuals and provides coverage to over 4,000 business owners across Massachusetts and New Hampshire.2,3
WHAT HAPPENED?
Recently, Cove Risk announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice shared on its website, on May 5, 2025, Cove Risk experienced a network disruption.1 As a result, Cove Risk launched an investigation to determine the nature of the incident.
Through its investigation, Cove Risk confirmed that sensitive personal information and protected health information in its systems may have been accessed or acquired by an unauthorized third party on or around May 3, 2025. As a result, Cove Risk began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. On November 10, 2025, Cove Risk completed this review. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Driver’s license or state identification number
- Health insurance information
- Medical information
- Financial account information
- Passport number
On December 11, 2025, Cove Risk posted notice of the breach on its website. Additionally, on December 12, 2025, Cove Risk began mailing data breach notification letters to impacted individuals. Based on the website breach notice, Cove Risk is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the website breach notice is below.
If you received a breach notification letter from Cove Risk Services LLC:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
LINKS
[1] https://www.coverisk.com/data-incident/
[3] https://www.linkedin.com/company/cove-risk-services-llc/about/
[4] https://www.coverisk.com/about/services/
[6] https://www.mass.gov/doc/assigned-data-breach-number-21675-cove-risk-services-llc/download
[7] https://ago.vermont.gov/document/2025-12-12-cove-risk-services-data-breach-notice-consumers
