Tower Administrative Services Data Breach Class Action Lawsuit Investigation
Data breach law firm Abington Cole + Ellery is investigating potential legal claims related to the Tower Administrative Services data breach, which reportedly affected tens of thousands of individuals and may have exposed name, address, Social Security number, and/or financial account data.
Published June 27, 2026 | Last updated June 27, 2026
Reviewed by Cornelius P. Dukelow | licensed lawyer and registered patent attorney.
JOIN THIS INVESTIGATION: If you are interested in potentially volunteering to serve as a class representative in a class action lawsuit against Tower Administrative Services, please submit your information to be considered:
You may also open the form here: Tower Administrative Services Data Breach Lawsuit Form. An attorney-client relationship is not formed by submitting information through this website.
Tower Administrative Services Data Breach: Key Facts
| Company: | Tower Administrative Services, Inc. |
|---|---|
| Location: | Lancaster, Pennsylvania |
| Incident Type: | Suspicious Activity Within Computer Network |
| Number Affected: | 25,742 in Texas, 78 in Vermont (TOTAL NOT YET PUBLICLY CONFIRMED) |
| Data Involved: | name, address, Social Security number, and/or financial account data (e.g. account number, credit or debit card number) |
| Date Began: | February 3, 2026 |
| Date Discovered: | February 4, 2026 |
| Date Ended: | February 4, 2026 |
| Notice Date: | Late-June, 2026 |
| Credit Monitoring: | YES |
| Status: | Class Action Lawsuit Investigation |
What happened in the Tower Administrative Services data breach?
Tower Administrative Services, Inc., a Lancaster, Pennsylvania company that administers insurance premium payments and provides customer service for biweekly mortgage acceleration programs, recently announced a data security incident involving unauthorized access to information stored within its systems. The Tower Administrative Services data breach appears to have involved suspicious activity inside the company’s network, rather than a lost device or accidental mailing. Tower has not publicly described the exact method of access, such as whether the incident involved phishing, compromised credentials, malware, or another intrusion technique.
According to Tower’s notice, the company discovered suspicious network activity on or around February 4, 2026. After securing its network, Tower engaged third-party specialists to investigate the incident. The investigation determined that certain information in Tower’s systems was subject to unauthorized access on or around February 3, 2026. In simple terms, Tower reported that an unauthorized party may have accessed information maintained within its network shortly before the company detected the suspicious activity.
After the incident was discovered, Tower worked to identify the information that may have been affected and the individuals connected to that information. Tower stated that this review was completed on May 20, 2026, after which the company worked to confirm current contact information so that it could notify potentially affected individuals. Public reporting indicates that Tower began sending notices around June 23, 2026. Although a confirmed nationwide total has not been publicly disclosed, at least 25,742 Texas residents and 78 Vermont residents were affected.
The information involved varies by individual. Tower stated that the affected information may have included names, addresses, Social Security numbers, and financial account information. Because Social Security numbers and financial account details can be sensitive, this type of data breach may create a risk of identity theft, fraudulent account activity, or targeted phishing attempts. Tower stated that, at the time of its notice, it was not aware of evidence showing that the information had been misused.
In response to the Tower Administrative Services data breach, the company said it took steps to secure its network, worked with forensic specialists, evaluated and reinforced existing security measures, and began reviewing its data security policies and procedures. Tower also stated that it is offering credit monitoring services at no cost to potentially affected individuals. The company established a toll-free call center for questions about the incident and advised individuals to monitor account statements and explanation of benefits forms for suspicious activity or errors.
How did the Tower Administrative Services breach occur?
At the time of this posting, Tower Administrative Services has not publicly explained the specific technical cause of the breach. The Tower Administrative Services data breach occurred when an unauthorized party gained access to certain information within Tower’s network on or around February 3, 2026. Tower discovered suspicious network activity the next day, secured its network, and launched an investigation with outside forensic specialists.
When did the Tower Administrative Services breach occur?
The Tower Administrative Services data breach reportedly took place from February 3, 2026 to February 4, 2026.
How many people were affected by the Tower Administrative Services breach?
The Tower Administrative Services data breach affected at least 25,820 people, including 25,742 Texas residents and 78 Vermont residents. However, Tower has not publicly disclosed a confirmed nationwide total, so the actual number of affected individuals may be higher.
What information was exposed in the Tower Administrative Services breach?
- Breached data appears to vary by person and reportedly may include, but is not necessarily limited to:
- name
- address
- Social Security number
- financial account information (e.g. account number, credit or debit card number)
Has Tower Administrative Services offered free credit monitoring and/or identity theft protection services?
Yes. As a result of the data breach, Tower Administrative Services is offering free credit monitoring and/or identity theft protection services to affected individuals.
Tower Administrative Services data breach timeline:
| Date | Event |
|---|---|
| February 3, 2026 | Unauthorized activity began. |
| February 4, 2026 | Tower Administrative Services discovered the incident. |
| February 4, 2026 | Unauthorized activity ended. |
| May 20, 2026 | Data breach investigation concluded. |
| Late-June, 2026 | Tower Administrative Services began notifying affected individuals. |
Who is Tower Administrative Services?
Tower Administrative Services, Inc. is a Lancaster, Pennsylvania-based administrative services company that supports insurance premium payment processing and biweekly mortgage acceleration programs. Through its website, toweradmin.com, the company provides customer service resources, contact information, payment-related forms, and mortgage debit calendar materials for individuals and organizations using its programs. Its work appears focused on back-office administration, billing support, and program servicing rather than consumer lending or insurance underwriting.
What should affected individuals do?
Individuals affected by the Tower Administrative Services data breach should review their notice letter carefully, enroll in any offered credit monitoring, and monitor financial accounts, credit reports, and explanation of benefits forms for suspicious activity. Because the affected information may have included Social Security numbers and financial account information, individuals may also want to place a fraud alert or credit freeze with the three major credit bureaus, consider obtaining an IRS Identity Protection PIN, and report any suspected identity theft through IdentityTheft.gov.
Sources and additional information about the data breach:
Class Action FAQ
About This Data Breach Resource
This page was created to give affected individuals and researchers a clear, comprehensive explanation of the Tower Administrative Services data breach. It summarizes what is currently known about the incident, including the timeline, how the breach was discovered, the types of information involved, the number of people affected when available, important notice dates, and steps individuals may want to take after receiving a data breach notification.
This resource is independently written and organized to help readers understand the breach without having to review multiple notices, state attorney general filings, company statements, and related materials. When available, this page relies on primary sources and identifies key facts, unanswered questions, and updates as new information becomes public.
This page is especially relevant for readers searching for information about the Tower Administrative Services data breach, Tower Administrative Services data breach notice, Tower Administrative Services class action investigation, what information was exposed, how many people were affected, and what affected individuals should do next.
Abington Cole + Ellery reviews data breach incidents involving sensitive personal information, financial information, and protected health information. This page is intended to help affected individuals understand the publicly reported facts, the types of information that may have been involved, and practical steps that may reduce the risk of identity theft or medical identity theft.
The information on this webpage is provided for general informational purposes only and does not constitute legal advice. Nothing on this page should be relied upon as legal advice for any particular situation. Submitting information through this page does not create an attorney-client relationship.
For more information about steps you can take to possibly reduce the risk harm arising from a data breach, please review the following article: What are some steps you can take if you've been the victim of a data breach?
This website is not associated with nor authorized by Tower Administrative Services or any affiliated companies. If you have received any other data breach notifications, you may want to review Abington Cole + Ellery's current list of data breach investigations.