Metropolitan Adjustment Bureau Data Breach Exposes 1 TB of Client and Employee Records

The Metropolitan Adjustment Bureau data breach has been claimed by the CHAOS ransomware group, who allege they exfiltrated approximately 1000 GB of sensitive internal data from Metropolitan Adjustment Bureau, a public insurance adjusting firm based in Encino, California. According to the attackers, the stolen data includes insurance claim files, client identity documents, employee records, disaster damage reports, internal communications, financial data, contracts, and other confidential materials. The leak was published on November 14, 2025, and the group claims to possess a massive trove of internal documents that they intend to release publicly unless demands are met. The Metropolitan Adjustment Bureau data breach is a major incident because insurance adjusting firms process extensive personal, financial, and legal information while handling claims related to fire, water, earthquake, and catastrophic loss.

Metropolitan Adjustment Bureau is a public insurance adjusting company with more than 50 years of experience providing homeowners and businesses with assistance in filing and negotiating insurance claims. The firm represents policyholders rather than insurance carriers, helping them document losses, interpret insurance policies, prepare case files, and secure financial compensation following disasters. As part of this work, Metropolitan Adjustment Bureau stores substantial documentation including damage photos, insurance policies, estimates, building diagrams, signed legal forms, personal identification, financial statements, and communications with insurance companies. This makes the Metropolitan Adjustment Bureau data breach particularly severe, as 1000 GB of stolen data could easily cover many years of claims files and the identities of thousands of individuals and businesses.

Background on Metropolitan Adjustment Bureau

Metropolitan Adjustment Bureau handles a wide range of claims including fire damage, water damage, earthquake losses, structural collapse, storm damage, vandalism, foundation issues, business interruption, and other insured events. Their clients often rely on the firm after experiencing significant personal or financial loss. The company assists with documenting damage, understanding insurance language, negotiating settlements, and preparing evidence to support claims. This role requires the firm to collect detailed personal and financial information, including home inventories, insurance policies, mortgage information, contractor estimates, inspection reports, legal correspondence, and personal identification documents.

Insurance adjusters maintain extensive archives of claims files because many cases require ongoing reference, legal review, policy evaluations, or supplemental evidence. As a result, companies like Metropolitan Adjustment Bureau store multi year documentation that can include detailed descriptions of residential and commercial properties, structural diagrams, contractor invoices, legal agreements, and correspondence involving insurers, policyholders, and third party experts. The volume and sensitivity of these materials mean that the Metropolitan Adjustment Bureau data breach could expose not only basic identity information but also details about property ownership, financial burdens, disputes with insurance carriers, and confidential assessments used in settlement negotiations.

A breach involving 1000 GB of data suggests broad system access and the potential compromise of nearly all critical document repositories used by the company. The CHAOS ransomware group is known for targeting organizations that store large, high value datasets that can be used to pressure victims into payment. The Metropolitan Adjustment Bureau data breach reflects this trend and highlights the vulnerabilities of firms that rely heavily on document based workflows.

What CHAOS Claims Was Stolen

The CHAOS ransomware group reports that the Metropolitan Adjustment Bureau data breach includes a massive variety of sensitive documents. Although full details have not yet been disclosed publicly, their leak site states that the stolen 1000 GB dataset contains personal information, employee identifiers, and a substantial collection of insurance claim documents. Claims adjusting firms maintain many types of files, and if the CHAOS group accessed multiple internal systems, the Metropolitan Adjustment Bureau data breach may involve data such as:

• Insurance claim files for homeowners, businesses, and commercial properties
• Damage assessments, photos, structural reports, and inspection files
• Policyholder identity documents including driver licenses and passports
• Employee files containing payroll information, contact details, and Social Security numbers
• Signed insurance forms, sworn statements, and legal correspondence
• Invoices, receipts, estimates, and contractor documentation
• Emails between adjusters, insurers, clients, attorneys, and third party firms
• Building diagrams, repair plans, and valuation reports
• Tax documents, financial statements, and sensitive homeowner information

If the CHAOS ransomware group accessed photo archives, the Metropolitan Adjustment Bureau data breach may also include thousands of pictures of damaged homes, interiors, personal property, and building layouts. Files of this nature can contain extremely personal details including sensitive property information, valuable belongings, and private family areas that were photographed as part of the claims process.

Legal and insurance correspondence stored within claims files can include confidential discussions of coverage disputes, valuations, policyholder disagreements, settlement strategies, and communications that were not intended for public release. Such information carries reputational, financial, and legal risks for both the company and affected clients. The Metropolitan Adjustment Bureau data breach is therefore not only a privacy violation but a potential legal and financial liability for victims.

How the Metropolitan Adjustment Bureau Data Breach May Have Occurred

The specific intrusion vector used by the CHAOS ransomware group has not been confirmed, but the techniques previously used by the group provide insight. CHAOS is known for exploiting weak passwords, compromised remote access systems, outdated server software, and insecure network configurations. The group frequently targets organizations that maintain large file repositories, which are common in industries such as insurance, real estate, legal services, and public adjusting.

Potential entry points for the Metropolitan Adjustment Bureau data breach include:

• Phishing attacks directed at administrative or claims processing employees
• Compromised VPN credentials or unprotected remote access portals
• Exploitation of unpatched vulnerabilities in document management systems
• Breaches of cloud storage platforms used to store claim files
• Insecure email servers containing sensitive correspondence
• Weak access restrictions on internal file servers

Claims adjusting firms often work with multiple external entities including contractors, appraisers, inspectors, remediation companies, and independent adjusters. These third party interactions may increase exposure due to shared data, emailed documents, and external system access. If the CHAOS group compromised a shared network or a third party vendor, the breach may have expanded more quickly. The Metropolitan Adjustment Bureau data breach is likely the result of an attacker leveraging a combination of credential theft, vulnerability exploitation, and lateral movement across internal systems where claims data and identity files were stored.

Risks from the Metropolitan Adjustment Bureau Data Breach

The Metropolitan Adjustment Bureau data breach poses multiple risks for homeowners, businesses, policyholders, employees, and partners. Because the stolen data involves insurance claims and personal documentation, the potential harm includes financial fraud, identity theft, targeted extortion, and privacy violations. The 1000 GB dataset may also include sensitive information about property damage, settlement amounts, disputed claims, and legal proceedings.

Identity Theft: Claim files frequently contain personal identification including driver licenses, passports, Social Security numbers, and account information. Criminals may use this data to commit fraud, open unauthorized accounts, or impersonate victims.

Financial and Insurance Fraud: Stolen documents may enable attackers to file fraudulent insurance claims, redirect payments, or manipulate financial communications with insurers. The Metropolitan Adjustment Bureau data breach increases the likelihood of fraudulent activity involving policyholder accounts.

Property and Home Security Risks: Claims files and damage photos often reveal building layouts, addresses, security vulnerabilities, and photographs of interior spaces. This information can be misused by threat actors who might leverage these details for further malicious activity.

Reputational Harm for Affected Individuals: Legal disputes, insurance disagreements, and damage assessments are often deeply personal. Public exposure of these documents through the Metropolitan Adjustment Bureau data breach may cause distress and embarrassment.

Employee Exposure: Employee files containing payroll details, tax documents, emergency contacts, and medical information may be at risk, contributing to long term identity threats.

Business Risks for Commercial Clients: Commercial property claims often involve confidential information about business operations, equipment losses, valuations, revenue impacts, and proprietary financial data. Exposure of these materials through the Metropolitan Adjustment Bureau data breach may harm affected businesses.

About the CHAOS Ransomware Group

The CHAOS ransomware group is known for large scale data theft, destructive extortion tactics, and targeting organizations with high value internal documentation. Unlike some ransomware groups that focus on system encryption, CHAOS frequently prioritizes data exfiltration and publication. Their breach announcements normally include threats to release vast quantities of sensitive material, and the Metropolitan Adjustment Bureau data breach follows this pattern. By advertising 1000 GB of stolen documents, the attackers aim to maximize pressure on the victim by highlighting the depth and severity of the exposure.

CHAOS has targeted organizations in insurance, legal services, construction, health care, manufacturing, and real estate. Their victims often store extensive sensitive data that can be used to coerce payments or create long term harm for individuals affected by the breach. The Metropolitan Adjustment Bureau data breach is consistent with their strategy of focusing on organizations with document intensive operations.

Impact on Policyholders and Homeowners

The Metropolitan Adjustment Bureau data breach may affect individuals who filed claims for fire, water, earthquake, or disaster related damage. These claims typically include detailed descriptions of personal possessions, structural damage, interior photographs, contractor evaluations, and private correspondence. Such data is highly sensitive because it often reflects moments of personal hardship or significant financial loss.

Policyholders affected by the Metropolitan Adjustment Bureau data breach may be at risk of:

• Fraudulent communications referencing real claim numbers
• Phishing emails disguised as insurers or contractors
• Misuse of personal photographs or documents shared during the claims process
• Unauthorized attempts to access insurance accounts
• Requests for payments or additional documentation from attackers posing as adjusters

Because the CHAOS ransomware group may release the stolen files publicly, affected individuals could experience long term exposure of sensitive home and financial information.

Impact on Employees

The Metropolitan Adjustment Bureau data breach is likely to impact past and present employees whose identity files, employment documents, and payroll records may be included in the 1000 GB dataset. Employee data often includes Social Security numbers, addresses, tax information, direct deposit details, and background check materials. Exposure of this information increases risks of identity theft, tax fraud, account takeover, and malicious targeting through phishing or social engineering.

Recommended Actions for Affected Individuals

Individuals whose data may be included in the Metropolitan Adjustment Bureau data breach should take immediate steps to reduce risk. Monitoring financial statements, reviewing insurance accounts, securing passwords, and checking credit reports are essential. To help ensure systems remain free of malware that could lead to additional compromise, individuals can use a reputable tool such as Malwarebytes.

Policyholders should be cautious when opening emails or responding to calls that reference claim information, as attackers may impersonate contractors or insurers using stolen data. Any communication involving payments or personal details should be verified through known, trusted channels.

Industry Implications

The Metropolitan Adjustment Bureau data breach underscores the widespread cybersecurity vulnerabilities within the insurance adjustment sector. Public adjusters handle sensitive, long term information on behalf of clients and store extensive electronic documentation. Many firms rely on older systems or shared drives that lack robust access control. The breach illustrates the critical need for improved cybersecurity across the insurance industry including stronger authentication, encryption, data segmentation, secure email protocols, and continuous monitoring of remote access systems.

As ransomware groups continue to target high value data, firms in the insurance and property claim sectors must adopt more advanced protections to prevent incidents like the Metropolitan Adjustment Bureau data breach. The volume of exposed data and the sensitivity of claims documentation highlight the need for rapid incident response and long term identity protection for affected individuals.

To stay informed about major data breaches and emerging cybersecurity threats, visit Botcrawl for ongoing reporting and analysis.