Call Center Rep Accessed Data of More Than 2,000 Customers at Inspira Financial

Inspira Financial Trust LLC—a provider of health, wealth, retirement and benefits solutions—on February 20 notified at least 2,308 retirement plan participants of a data breach, according to an alert on the Maine attorney general’s website. 

A third-party call center representative improperly accessed data relating to a “limited number of retirement accounts” operated by Inspira, according to the letter the company sent to affected participants.

In January, according to the letter, Inspira—renamed from Millennium Trust Co. in January 2024—learned that the breach occurred between December 2024 and January 2025. The personal information accessed may have included participants’ names, Social Security numbers, dates of birth, mailing addresses, previous employers, previous retirement plan sponsors, and Inspira account numbers, types and balances.

After learning of the issue, Inspira took steps to determine the nature and scope of the breach, the letter stated. The call center representative at issue is no longer an Inspira contractor, and the company is working with the call center vendor to ensure the breach has been reported to law enforcement authorities.

Inspira also flagged affected participants’ accounts for enhanced security review before any transactions can take place as an additional security measure. The hold is in place until participants verify their identity and direct Inspira to remove the flag.

Inspira is offering identity protection and credit monitoring services through Experian for two years at no cost to affected participants.

Inspira serves 8 million customers and institutional clients, and it custodies $63.1 billion in assets for them. Inspira did not immediately respond to a request for comment on the incident.

This breach comes just one week after The Pension Specialists Ltd., an independent retirement plan third-party administrator, disclosed a 2024 data breach in which more than 71,000 people had their personal information exposed. That incident was described as an external system breach or hacking.