Brock Built data breach: sensitive personal and financial information compromised

Key facts: Brock Built data breach

• Date occurred: October 17, 2025
• Date discovered: October 21, 2025
• Date reported: March 27, 2026
• Target entity: Brock Built
• Source of breach: Unknown, unauthorized third-party
• Data types: Dates of birth, driver's license numbers, financial account numbers, health insurance details, medical records, passport numbers, payment card numbers, social security numbers
• Status: Confirmed; reported on March 27, 2026.
• Severity: Medium; the exposure of highly sensitive personal, financial, and medical data increases the risk of identity theft and fraud.

What happened in the Brock Built data breach?

Brock Built (brockbuilt.com) disclosed a data breach on March 27, 2026, which originated from an unauthorized access incident. The breach was first discovered on October 21, 2025, following a forensic investigation that determined the unauthorized activity occurred between October 17, 2025, and October 20, 2025. No specific threat actor has been identified in connection with this security event.

The incident is classified as medium severity due to the sensitive nature of the compromised information. Data types potentially exposed include dates of birth, driver's license numbers, financial account numbers, health insurance details, medical records, passport numbers, payment card numbers, and social security numbers. While there are currently no reports of fraud resulting from the breach, the depth of the data involved could lead to long-term identity theft risks or targeted phishing campaigns.

Who is behind the incident?

The attacker or cause of the incident has not been identified.

Impact and risks for Brock Built customers

The impact on individuals associated with Brock Built is significant given the breadth of sensitive data types involved. Exposed social security numbers, passport numbers, and financial account details provide a foundation for sophisticated identity theft and financial fraud. Furthermore, the inclusion of medical records and health insurance details increases the risk of medical identity theft, where attackers may attempt to obtain medical services or insurance payouts under a victim's name.

Typical outcomes for such breaches include a surge in targeted social engineering and phishing attempts. Affected individuals should immediately monitor their financial statements, place credit freezes if necessary, and remain vigilant against unsolicited communications. Proactive transparency from the organization helps mitigate these risks by allowing users to secure their accounts promptly.

How to protect against similar security incidents

Following the exposure of highly sensitive personal and financial data at Brock Built, affected individuals and organizations should take immediate steps to secure their identities and monitor for fraudulent activity.

• Enroll in credit monitoring and identity theft protection. Given the exposure of Social Security numbers and passport details, individuals should activate credit monitoring services. Consider placing a security freeze on credit reports to prevent unauthorized accounts from being opened.
• Monitor financial and medical accounts. Regularly review bank statements, credit card activity, and health insurance Explanation of Benefits (EOB) statements for any unrecognized charges or services. Report any suspicious activity to the respective financial institution or healthcare provider immediately.
• Implement phishing-resistant security measures. Be cautious of emails or phone calls requesting additional personal information, as attackers may use the breached data to build trust. Use hardware security keys or app-based MFA for all sensitive accounts to prevent unauthorized access.
• Adopt continuous attack surface management. Organizations should deploy tools to monitor their digital footprint and identify vulnerabilities before they are exploited. Regular security audits and forensic readiness can reduce the window between an incident's occurrence and its discovery.

Proactive monitoring and rapid response remain the best defenses against the long-term risks associated with a data breach of this scale.

Frequently asked questions

What happened in the Brock Built security breach?

On March 27, 2026, Brock Built (brockbuilt.com) disclosed a security breach. According to initial reports, Brock Built Homes experienced a data incident that may have affected personal information of individuals, including Social Security numbers, financial account numbers, and medical records.

When did the Brock Built breach occur?

The Brock Built breach was publicly reported on March 27, 2026. The actual incident took place between October 17, 2025, and October 20, 2025, and was discovered by the company on October 21, 2025.

What data was exposed?

The types of data involved in the Brock Built incident include dates of birth, driver's license numbers, financial account numbers, health insurance details, medical records, passport numbers, payment card numbers, and social security numbers.

Is my personal information at risk?

If you interacted with Brock Built, there's a possibility your personal information could be affected. Similar incidents often involve email addresses, login details, or financial records. Stay alert for updates and take precautionary measures to secure your accounts.

What steps should companies take after being breached?

Brock Built has likely moved to secure its systems, notify affected parties, and provide guidance on protective actions. Companies in this position typically review security measures and deploy attack surface management to prevent future occurrences.

Sources

Data breach reported for Brock Built Homes

This cybersecurity news article is powered by UpGuard Breach Risk — continuous attack surface monitoring for your organisation and supply chain.