Strauss Borrelli PLLC, a leading data breach law firm, is investigating OneGroup NY Inc. (“OneGroup”) regarding its recent data breach. The OneGroup data breach involved sensitive personal information belonging to an undetermined number of individuals.
ABOUT ONEGROUP NY, INC.:
OneGroup is an insurance and business solutions company based in New York. Today, OneGroup offers a variety of services and solutions to businesses, including claims and risk management, HR solutions, risk management analytics, and business insurance such as general liability and cyber insurance.2 Additionally, OneGroup provides various services to individuals and employees, including homeowners and auto insurance, condo and townhome insurance, umbrella insurance, and renters insurance.2 Headquartered in Syracuse, New York, OneGroup employs over 200 individuals.
WHAT HAPPENED?
Recently, OneGroup reported to the Attorney General of Vermont that it had experienced a data breach in which sensitive personal identifiable information in its care associated with MEMIC Indemnity issued workers’ compensation may have been accessed.1 According to the breach notice, on July 29, 2024, OneGroup became aware of suspicious activity related to its email environment.1 As a result, OneGroup launched an investigation to determine the nature of the incident.
Through its investigation, OneGroup confirmed that sensitive personal information in its systems may have been accessed by an unauthorized third party through an employee’s email account between May 6 and May 21, 2024. As a result, OneGroup began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. The review concluded on February 4, 2025. The exact type of personal information potentially exposed has not been made publicly available by OneGroup. However, according to state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license or other government issued ID card numbers (e.g., individual taxpayer ID number, passport number, military ID card number)
- Financial account number or credit or debit card number
- Unique biometric data (e.g., fingerprint, retina or iris image, or other unique biometric representation)
- Genetic information
- Health record or records of a wellness program or similar program of health promotion or disease prevention (e.g., healthcare professional’s medical diagnosis or treatment of the consumer, health insurance policy number)
On June 6, 2025, OneGroup began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Vermont residents, OneGroup is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification letters that OneGroup filed with the Attorney General of Vermont is below.
If you received a breach notification letter from OneGroup NY, Inc.:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
