
The Surplus Line Association of California (SLA), the statutory surplus line advisory organization for the California Department of Insurance, has disclosed a data breach involving Social Security numbers. If you received a notice about this incident, here's what is currently known and the steps you can take to protect yourself. Contact our data breach lawyers to learn more.
On July 14, 2026, the Surplus Line Association of California reported the breach to the Vermont Attorney General’s Office. As of this writing, SLA has not released detailed public information about the incident, including how the breach occurred, when it was discovered, or the total number of individuals affected.
What is confirmed is that Social Security numbers—one of the most sensitive pieces of personal information—were exposed. SLA serves a key regulatory support role in California’s surplus lines insurance market. The association handles licensing and transaction data for insurance brokers and policies, which likely explains the presence of SSNs in its systems.
According to available reports, the compromised data includes:
• Social Security numbers
• Potentially additional personal identifiers (such as names, dates of birth, addresses, or other details), which may vary by individual
Because SLA has not issued a full breakdown, carefully review any notice you receive. It may specify the exact data elements tied to your record.
SLA has established a dedicated phone line for individuals with questions about whether their information was affected. At this time, the organization has not released a comprehensive public statement detailing containment efforts, the incident timeline, or any offers of free credit monitoring or identity protection services.
An exposed Social Security number creates a long-term risk of identity theft, as it cannot be easily changed like a password. If you received a notice from SLA or suspect your information was involved, take precautions and contact an attorney.
Organizations that collect and store Social Security numbers—including trade associations supporting regulatory functions—have a legal duty under state laws to implement reasonable security safeguards. Breaches like this often raise questions about whether adequate protections were in place and whether timely notifications were provided. As more details emerge, these aspects will be closely examined.
The Lyon Firm represents individuals impacted by data breaches involving sensitive information, such as Social Security numbers exposed by insurance-related organizations. Our data breach attorneys thoroughly investigate the incident, assess whether reasonable data security practices were followed, and hold responsible parties accountable.
We work on a contingency-fee basis, meaning there is no upfront cost to you. If you received a notice related to the SLA data breach, contact The Lyon Firm today for a free, confidential consultation to learn about your rights and options.
Many details about this incident remain undisclosed, and this post may not reflect later developments. Nothing herein should be interpreted as a statement of fact regarding fault or liability on the part of the Surplus Line Association of California.
Taking the first step doesn’t have to be complicated. In just a few minutes, you can share the basics of your case, and our team will guide you from there: