Surplus Line Association of California Data Breach Investigation

Written by 
Published on:
July 15, 2026
Updated on:
July 15, 2026

The Surplus Line Association of California (SLA), the statutory surplus line advisory organization for the California Department of Insurance, has disclosed a data breach involving Social Security numbers. If you received a notice about this incident, here's what is currently known and the steps you can take to protect yourself. Contact our data breach lawyers to learn more.

What Happened at SLA?

On July 14, 2026, the Surplus Line Association of California reported the breach to the Vermont Attorney General’s Office. As of this writing, SLA has not released detailed public information about the incident, including how the breach occurred, when it was discovered, or the total number of individuals affected.

What is confirmed is that Social Security numbers—one of the most sensitive pieces of personal information—were exposed. SLA serves a key regulatory support role in California’s surplus lines insurance market. The association handles licensing and transaction data for insurance brokers and policies, which likely explains the presence of SSNs in its systems.

What Information May Have Been Exposed

According to available reports, the compromised data includes:

• Social Security numbers

• Potentially additional personal identifiers (such as names, dates of birth, addresses, or other details), which may vary by individual

Because SLA has not issued a full breakdown, carefully review any notice you receive. It may specify the exact data elements tied to your record.

SLA’s Response

SLA has established a dedicated phone line for individuals with questions about whether their information was affected. At this time, the organization has not released a comprehensive public statement detailing containment efforts, the incident timeline, or any offers of free credit monitoring or identity protection services.

An exposed Social Security number creates a long-term risk of identity theft, as it cannot be easily changed like a password. If you received a notice from SLA or suspect your information was involved, take precautions and contact an attorney.

Organizations that collect and store Social Security numbers—including trade associations supporting regulatory functions—have a legal duty under state laws to implement reasonable security safeguards. Breaches like this often raise questions about whether adequate protections were in place and whether timely notifications were provided. As more details emerge, these aspects will be closely examined.

Why Choose The Lyon Firm?

The Lyon Firm represents individuals impacted by data breaches involving sensitive information, such as Social Security numbers exposed by insurance-related organizations. Our data breach attorneys thoroughly investigate the incident, assess whether reasonable data security practices were followed, and hold responsible parties accountable.

We work on a contingency-fee basis, meaning there is no upfront cost to you. If you received a notice related to the SLA data breach, contact The Lyon Firm today for a free, confidential consultation to learn about your rights and options.

Many details about this incident remain undisclosed, and this post may not reflect later developments. Nothing herein should be interpreted as a statement of fact regarding fault or liability on the part of the Surplus Line Association of California.

Contact Us

Request a Free Consultation

Taking the first step doesn’t have to be complicated. In just a few minutes, you can share the basics of your case, and our team will guide you from there:

  • It begins with a few simple questions about your situation.
  • From there, a member of our legal team reviews your case.
  • Together, we’ll chart the path forward, helping you take the next step toward resolution.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.