Back

Interstate Management Company and MMMCA Data Breaches Expose Thousands of SSNs

Severity: High (Score: 64.5)

Sources: Classaction

Published: 2026-05-28 · Updated: 2026-05-28

Keywords: data, breach, interstate, management, company, mmmca, attorneys

Severity indicators: breach, data breach

Summary

Two significant data breaches have occurred in May 2026, affecting thousands of individuals. The Interstate Management Company reported a breach impacting 22,743 people, with personal data accessed between November 19 and November 22, 2025. The compromised data includes names, Social Security numbers, and financial details. Meanwhile, the Metropolitan Marine Maintenance Contractors' Association (MMMCA) disclosed a breach affecting 25,528 individuals, with unauthorized access detected on April 7, 2026. The MMMCA breach also exposed Social Security numbers, dates of birth, phone numbers, and addresses. Both organizations are currently investigating the incidents and potential class action lawsuits are being considered. Individuals affected by these breaches are encouraged to come forward to seek compensation for their losses. Key Points: • Interstate Management Company breach affects 22,743 individuals with sensitive data exposed. • MMMCA breach impacts 25,528 individuals, compromising Social Security numbers and personal information. • Both organizations are under investigation for potential class action lawsuits.

Detailed Analysis

**Impact** The breaches affected a combined total of 48,271 individuals across hospitality and marine maintenance sectors in the United States. Interstate Management Company’s breach impacted 22,743 individuals, primarily customers of The Westin San Diego Bayview, exposing names, Social Security numbers (SSNs), financial account details, and potentially medical and health insurance information. The MMMCA breach affected 25,528 people, including marine contractors in New York and New Jersey, exposing SSNs, dates of birth, phone numbers, and addresses. Both incidents risk identity theft and financial fraud, with potential legal and reputational consequences for the organizations involved. **Technical Details** The Interstate Management Company breach occurred between November 19 and 22, 2025, involving unauthorized access to hotel systems; specific attack vectors and tools were not disclosed. The MMMCA breach was detected on April 7, 2026, resulting from unauthorized network activity via a compromised virtual private network (VPN) used to access pension and benefit fund environments. No malware, CVEs exploited, or detailed TTPs were provided in the reports. Indicators of compromise (IOCs) were not included. **Recommended Response** Organizations should immediately review and strengthen VPN access controls, including multi-factor authentication and monitoring for anomalous activity. Conduct thorough audits of access logs and network traffic around the breach periods to detect lingering threats. Notify affected individuals promptly and provide guidance on identity theft protection. Monitor for potential misuse of exposed SSNs and related personal data. No specific patches or IOCs were provided for direct blocking actions.

Source articles (2)

  • MMMCA Data Breach Impacts 25K, Exposes SSNs; Lawyers Investigating — Classaction · 2026-05-26
    Attorneys working with ClassAction.org are looking into whether a class action lawsuit can be filed in light of the MMMCA data breach. As part of their investigation, they need to hear from individual…
  • Interstate Management Company Data Breach Affects 22K — Classaction · 2026-05-28
    Attorneys working with ClassAction.org are looking into whether a class action lawsuit can be filed in light of the Interstate Management Company data breach. As part of their investigation, they need…

Timeline

  • 2025-11-19 — Interstate Management Company data accessed: Personal data was accessed from hotel systems between November 19 and November 22, 2025.
  • 2026-04-07 — MMMCA detects unauthorized network activity: MMMCA and associated funds detected unauthorized access via a virtual private network.
  • 2026-05-22 — MMMCA notifies affected individuals: Notification letters were sent to those affected by the MMMCA data breach starting May 22, 2026.
  • 2026-05-28 — Interstate Management Company breach reported: Interstate Management Company confirmed the data breach affecting over 22K individuals.

Related entities

  • Data Breach (Attack Type)
  • Interstate Management Company (Company)
  • Metro-ILA Pension, Fringe Benefit, And Individual Account Retirement Funds (Company)
  • Metropolitan Marine Maintenance Contractors' Association (Company)
  • classaction.org (Domain)
  • T1021 - Remote Services (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed