Cove Risk Services
Data Breach Class Action Lawsuit

Posted: December 13, 2025 -- Attention, victims of the Cove Risk Services data breach.

Abington Cole + Ellery is investigating the data breach recently announced by Cove Risk Services.

Cove Risk Services Data Breach Summary:

Approximately 49,000 individuals were affected by the Cove Risk Services data breach on or around May 3, 2025, and breached data may include, but is not necessarily limited to: name plus one or more of the following: date of birth, driver’s license/state ID, health insurance data, medical data, financial account data, passport number, and/or Social Security number. As a result of the data breach, Cove Risk Services is offering 12 months of free credit monitoring and/or identity theft protection services to some affected individuals.

If you are a victim of the Cove Risk Services data breach, and interested in potentially volunteering to serve as a class representative in a class action lawsuit against Cove Risk Services, please submit your information here to be considered:

An attorney-client relationship is not formed by submitting information through this website.

Cove Risk Services Data Breach Details:

Cove Risk Services says it experienced a “network disruption” in early-May of 2025, and immediately began a response effort and investigation. According to the company’s public notice dated December 11, 2025, that investigation concluded that certain information in Cove Risk’s systems was subject to unauthorized access or acquisition on or around May 3, 2025. The notice does not publicly describe the specific technical cause (for example, whether it involved phishing, malware/ransomware, or exploitation of a vulnerability); it characterizes the event at a high level as a disruption followed by confirmed unauthorized access/acquisition.

After determining there had been unauthorized access/acquisition, Cove Risk reports it worked to identify what data might have been at risk and performed a detailed review to determine the types of information involved and which individuals were affected. Cove Risk states it completed that review on November 10, 2025, and then began locating address information in order to send notifications. The company says the information varies by person, but may include name plus one or more of the following: date of birth, driver’s license/state ID, health insurance information, medical information, financial account information, passport number, and/or Social Security number.

In terms of response steps, Cove Risk says it took actions to contain the incident and to enhance network security to reduce the chance of similar incidents in the future. It also states it is offering credit monitoring and identity protection services to potentially affected individuals, and it set up a dedicated assistance line for questions and enrollment. The notice encourages people to watch for signs of identity theft or fraud by reviewing credit reports, account statements, and explanation-of-benefits forms, and it describes options like fraud alerts and credit freezes through the major credit bureaus.

Additional information about the Cove Risk Services data breach may be found here: Cove Risk Services Data Breach Notification. The Cove Risk Services Website may also have additional information about or provide periodic updates regarding the data breach.

About Cove Risk Services:

Cove Risk Services, LLC is an administrator of workers’ compensation self-insurance programs for employers in Massachusetts and New Hampshire. The company states it is the exclusive administrator for six self-insurance programs and that these programs collectively provide coverage to more than 4,000 businesses across the two states. It describes a self-insurance group as an association of employers that provides workers’ compensation coverage to its members, typically organized by industry and state.

Cove Risk’s public materials describe work that includes underwriting oversight, safety/risk support, and claims-related functions. For example, its underwriting guidelines say submissions are reviewed by underwriting and must be approved in writing before coverage can be bound, and that the organization retains final binding authority for accepted accounts. Its services descriptions also discuss safety assessments and claims practices such as reviewing loss history, making risk recommendations, coordinating treatment, and supporting return-to-work arrangements when appropriate.

The company publicly lists the programs it administers: Massachusetts Retail Merchants Workers’ Compensation Group, Massachusetts Care Self-Insurance Group, Massachusetts Healthcare Self-Insurance Group, Massachusetts Trade Self-Insurance Group, Massachusetts Manufacturing Self-Insurance Group, and New Hampshire’s Association Members Workers’ Compensation Trust.

Additional Information:

Cove Risk Services Notice of Data Incident

“Notice of Data Incident” (PR Newswire copy syndicated via Morningstar)

For more information about steps you can take to possibly reduce the chances harm arising from a data breach, please review the following article: What are some steps you can take if you've been the victim of a data breach?

If you believe you are a victim of the Cove Risk Services data breach, and if you would like to volunteer to serve as a class representative in a class action lawsuit regarding this data breach, please submit your information via the form on this webpage. This website is not associated with nor authorized by Cove Risk Services or any affiliated companies. If you have received any other data breach notifications, you may to review Abington Cole + Ellery's current list of data breach investigations.