Strauss Borrelli PLLC, a leading data breach law firm, is investigating illumifin Corporation (“illumifin”) regarding its recent data breach. The illumifin data breach involved sensitive personal information to an undetermined number of individuals.
ABOUT ILLUMIFIN CORPORATION:
illumifin is an insurance technology company and third-party administrator based in Minnesota. Today, illumifin offers business processing services and software solutions to insurance companies, including processing insurance policies, supporting new business and underwriting, policy owner services, claims assessments and administration, and more.2 To date, illumifin has over 100 insurance carrier clients and collects more than $5 billion in annual premiums.3 Headquartered in Woodbury, Minnesota, illumifin employs over 1,500 individuals and has eight operating locations.
WHAT HAPPENED?
Recently, illumifin reported to the Attorney General of the California that it had experienced a data breach in which sensitive personal identifiable information in its care may have been compromised. According to the breach notice, illumifin identified unusual activity in a portion of its network.1 As a result, illumifin launched an investigation to determine the nature of the incident.
Through its investigation, illumifin confirmed that sensitive personal information in its environment may have been accessed and acquired by an unauthorized third party on or around November 4, 2025. As a result, illumifin began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. As of April 1, 2026, the exact type of personal information potentially exposed has not been made publicly available by illumifin. However, according to California state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license number, California identification card number, tax identification number, passport number, military identification number, or other unique identification number issued on a government document
- Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account
- Medical information
- Health insurance information
- Unique biometric data such as a fingerprint, retina, or iris image, used to authenticate a specific individual
- Genetic information
As a result of the data breach, illumifin began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to California residents, illumifin is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification letters that illumifin filed with the Attorney General of California is below.
If you received a breach notification letter from illumifin Corporation:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
