Strauss Borrelli PLLC, a leading data breach law firm, is investigating Commonwealth Trust Company (“Commonwealth”) regarding its recent data breach. The Commonwealth data breach may have involved sensitive personal identifiable information and protected health information belonging to an undetermined number of individuals.
ABOUT COMMONWEALTH TRUST COMPANY:
Commonwealth is a privately-owned trust company based in Delaware. Founded in 1931, Commonwealth provides trust administration solutions for individuals and trust advisers, including maintaining or arranging custody for accounts, keeping trust records, managing fiduciary risk, maintaining tax records, processing investment or distribution directions, and more.2,3,4 Headquartered in Wilmington, Delaware, Commonwealth employs over 50 individuals.3
WHAT HAPPENED?
Recently, Commonwealth reported to the Attorney General of the Commonwealth of Massachusetts that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice, Commonwealth learned of suspicious activity related to an employee email account.1 As a result, Commonwealth launched an investigation to determine the nature of the incident.
Through its investigation, Commonwealth confirmed that the sensitive personal information and protected health information in the email account may have been accessed and/or acquired by an unauthorized third party on May 13, 2025.1 As a result, Commonwealth began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. On August 4, 2025, Commonwealth completed this review. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Account number
- Bank account number
- Individual insurance/subscriber number
- Medical records (medical record number, treating/referring physician, patient account number, treatment information, prescription/medication information)
- Health insurance information (medical billing/claims information)
On September 19, 2025, Commonwealth began mailing data breach notification letters to impacted individuals. Based on the breach notice being sent to Massachusetts residents, Commonwealth is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. 1 A link to the letters that Commonwealth filed with the Attorney General of the Commonwealth of Massachusetts is below.
If you received a breach notification letter from Commonwealth Trust Company:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
