Inspira Financial Trust, a provider of health, wealth and retirement services, notified more than 2,300 customers that their personal data was improperly accessed by a third-party call-center representative, the company disclosed in a filing with the Office of the Maine Attorney General on Feb. 20.
The cyber thief accessed customer names, Social Security numbers and other personal data in a breach that involved a limited number of retirement accounts for which Inspira is the custodian, the company said in the filing.
In addition to names and Social Security numbers, the cybercriminal had access to victims’ birth dates, mailing addresses, previous employers/retirement plan sponsors and Inspira account information, including balances.
The theft occurred between December 2024 and January 2025, according to the filing.
Inspira did not immediately respond to an email seeking comment.
After learning of the data theft in January, the company took steps to determine its nature and scope, Inspira explained in a letter to customers that was part of the filing.
The company said the call-center representative is no longer an Inspira contractor and it is working with the call-center vendor to ensure that the matter has been reported to law enforcement authorities.
As an added measure of security, Inspira also flagged affected customer accounts for enhanced security review before any transactions can take place. Account transactions will be frozen until affected customers verify their identity with Inspira and direct the company to remove the flag, the company explained in the letter to customers.
In addition, Inspira is offering affected customers complimentary identity-protection and credit-monitoring services through Experian for two years.
“We take our obligation to safeguard personal information very seriously and are alerting you about this issue so you can take steps to help protect your information,” Inspira said in the letter.
Of the 2,308 people affected by the theft, one resides in Maine.
Inspira has 8.2 million individual and institutional clients, including the majority of the 10 largest record keepers, it said on its website. The company has $62 billion in assets under custody.
The cyber theft follows multiple other breaches at other institutions. On Feb. 14, for example, retirement plan administrator The Pension Specialists reported that more than 71,000 retirement savers had their personal data breached in a cyber incident that occurred a year ago. Fidelity also reported data breaches affecting more than 77,000 customers in October, following disclosures by several firms using Infosys McCamish Systems as a third-party vendor of a widespread data breach that hit more than 6 million people in 2023.
