What Is This About?

If you recently received a letter or an email from illumifin Corporation (“illumifin”) informing you that your sensitive personal or protected health information was compromised in a data breach, we would like to speak with you about your rights and potential legal remedies. We would also like to speak with you if you received communication from a company reporting that your information was involved in the illumifin breach. illumifin recently disclosed that it was the victim of a data breach that exposed individuals’ sensitive personal and protected health information.

What Happened?

On November 4, 2025, illumifin Corporation identified suspicious activity within a portion of its computer network. The company promptly initiated its incident response protocols, secured its systems, and engaged third-party cybersecurity experts to investigate the nature and scope of the incident. Law enforcement authorities were also notified.

The investigation determined that an unauthorized actor gained access to illumifin’s network and acquired certain files stored on its systems. By November 10, 2025, illumifin confirmed that some of the accessed files contained information received from or maintained on behalf of its insurance carrier clients.

Following a detailed review of the impacted data, illumifin notified its client companies of the breach on January 9, 2026, and provided lists of affected individuals on or around February 25, 2026. On March 31, 2026, illumifin filed official notice of the data breach with state authorities in Texas, California, and Massachussetts.

illumifin is sending notice of the breach to affected persons on behalf of at least some of its client companies, so affected persons might receive notice of the breach from illumifin, a separate company, or both.

What Information Was Impacted?

Upon information and belief, the following types of sensitive personal and protected health information may have been compromised:

• • • • • • • • • • • Names;
                    • Addresses;
                    • Social Security numbers;
                    • Financial account information (e.g. bank account information);
                    • Payment card information (e.g. credit or debit card information);
                    • Medical information;
                    • Dates of birth; and
                    • Other personal identifying information.

What Action Can You Take?

Levi & Korsinsky, LLP is investigating whether affected individuals are entitled to compensation. If you are related to illumifin Corporation or received a notice from them, there is no cost or obligation to participate. Follow the link below to find out about your rights and potential legal remedies available.