North Atlantic States Carpenters Health Benefits Fund (NASCBF), a union health benefits fund serving carpenters and their families across several New England and New York states, has reported a significant data breach. The incident involves sensitive personal information and protected health information for an estimated 45,000 active and retired members. If you receive a letter about this breach, you may be understandably worried about identity theft, financial fraud, or misuse of your medical information. This article explains what is currently known, practical steps you can take right now, and the legal options that may be available. Strauss Borrelli PLLC is available to review your situation and help you understand your rights.
Key Facts at a Glance
- Organization: North Atlantic States Carpenters Health Benefits Fund (NASCBF), a union health benefits fund based in Wilmington, Massachusetts.
- Scope: Approximately 45,000 active or retired members and their information may be affected across multiple New England and New York states.
- Type of incident: Data breach involving sensitive personal information and protected health information (PHI); the specific attack method has not been publicly detailed.
- Report date: On or about August 18, 2025, NASCBF reported the incident to the U.S. Department of Health and Human Services (HHS).
- Data involved: Potential exposure of names, Social Security numbers, financial and tax data, login credentials, government ID numbers, and detailed medical and health insurance information.
- Planned response: NASCBF has indicated it will send personalized notices describing what data was impacted for each person and will offer complimentary credit monitoring services.
- Risks: Increased risk of identity theft, financial fraud, tax refund fraud, and medical identity theft, along with possible long-term privacy concerns.
What Happened?
NASCBF has reported a data breach that impacted systems or files containing member information, including protected health information. According to information submitted to the U.S. Department of Health and Human Services, the incident was reported on or about August 18, 2025. At this time, publicly available information focuses primarily on the types of data affected rather than how the breach occurred.
As of the latest details, NASCBF has indicated that it is investigating the incident, identifying which individuals were affected, and determining the specific categories of data involved for each person. The fund has stated that it will notify impacted members and offer complimentary credit monitoring services, along with a description of exactly what information was affected in each case.
Because NASCBF is a union health benefits fund serving carpenters and their families across several New England and New York states, this incident may affect a large community of union members, retirees, and dependents who rely on the fund for health coverage and benefits.
What Information Was Exposed?
Based on NASCBF’s report, the breach may have exposed one or more of the following types of information for affected individuals:
- Name
- Social Security number
- Date of birth
- Financial account information
- Payment card information with access code
- Login credentials (for example, usernames and passwords for online accounts)
- Tax information
- Military identification number
- Medical treatment information
- Medical history information
- Medical diagnosis information
- Health insurance information
- Biometric information
- Driver’s license number
- State-issued identification number
- Passport number
- License plate number
- Protected health information (PHI)
Not every category listed above will apply to every person. Your individual notice from NASCBF should explain which specific types of information tied to you or your dependents were involved.
Because this list includes core identifiers (such as Social Security numbers and dates of birth), financial and tax details, login credentials, and detailed medical information, the potential impacts can be serious and long-lasting if criminals misuse the data.
What Should You Do Next?
Watch for a notice letter from NASCBF
- Carefully read any letter or email you receive from NASCBF regarding this incident.
- Keep the notice in a safe place; it may be useful for proving that your information was involved and for any future legal or insurance claims.
- The notice should list exactly what categories of your data were affected and how to enroll in any free credit monitoring services.
Enroll in any complimentary credit monitoring
- If NASCBF offers free credit monitoring and identity theft protection, consider enrolling as soon as possible.
- Make sure you complete all steps, including identity verification and account activation.
- Keep track of the enrollment date and the length of time the services will last, so you know when they expire.
Document everything
If you believe you have been affected by the North Atlantic States Carpenters Health Benefits Fund breach:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
LINKS
[1] https://www.carpentersfund.org/wp-content/uploads/25.10.10-NASCBF-website-notice_FINAL.pdf
[2] https://www.carpentersfund.org/
[3] https://www.linkedin.com/company/north-atlantic-states-carpenters-benefit-funds/about/
[5] https://www.linkedin.com/company/north-atlantic-states-regional-council-of-carpenters/about/
[6] https://www.nasrcc.org/wp-content/uploads/2023/06/NASRCC-Full-Council_11x17_PRINT.pdf
