Beacon Mutual, a Warwick, Rhode Island-based workers’ compensation insurer, said it restored services Jan. 20, six days after detecting suspicious activity and disconnecting certain systems to contain the threat.
The incident was first reported by Rhode Island Current, which said the company confirmed it after inquiries tied to ransomware-tracking posts.
In a statement, Beacon Mutual said it received an alert about suspicious activity on Jan. 14 and later determined there was “unauthorized access” to its systems. The company said it disconnected select systems, launched a forensic investigation and notified law enforcement.
Beacon Mutual said “services and systems were safely and securely restored” as of Jan. 20 and that it is working with cybersecurity experts to determine the scope of the incident.
The insurer has not said which functions were disrupted or whether any data was accessed or taken. Beacon said that if its investigation finds personal information was accessed or acquired without authorization, it will notify affected individuals as required by law. The company also said its production environment was not encrypted.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
DysruptionHub sought comment from Beacon on the scope of any service disruption and potential data exposure but did not receive a response beyond the company’s public statement.
Separately, ransomware-tracking site Ransomware.live lists Beacon Mutual as a claimed victim of the “Incransom” group and describes a “major data leak” involving 275 gigabytes of data. The claim has not been independently verified by DysruptionHub.
A threat profile published by Blackpoint Cyber describes INC Ransom as a ransomware-as-a-service operation that has used “double extortion” tactics, including threats to publish stolen data.
The group has previously been linked in reporting to other U.S. targets, including the Pennsylvania Office of Attorney General, which posted a public notice describing an August 2025 network incident involving unauthorized access.
Beacon Mutual’s January incident follows other insurer cyber disruptions reported in 2025, including Erie Insurance and Philadelphia Insurance Companies in Pennsylvania, which reported outages and forensic investigations. Rhode Island agencies also faced a major outage in late 2024 when the state took the RIBridges public benefits system offline after its vendor warned of a security threat.
Beacon Mutual says it provides workers’ compensation insurance for businesses in Rhode Island, Massachusetts and Connecticut and has operated for more than 30 years.
The company said its investigation is ongoing.
