Alpine Lumber Data Breach: Social Security Numbers Exposed

Alpine Lumber Company, a wholesale building materials supplier based in Colorado, recently experienced a data breach that exposed sensitive information of employees, former employees, and their dependents or beneficiaries.

The company discovered the breach on Dec. 22, 2025, after detecting that certain devices on its network had been encrypted with ransomware. A subsequent investigation, aided by third-party cybersecurity professionals, revealed that an unauthorized actor had accessed and obtained files from a file server between Dec. 14 and Dec. 22, 2025.

The files viewed and exfiltrated by the attacker contained a wide range of personally identifiable information (PII) and protected health information (PHI).

The data exposed included names, addresses, Social Security numbers, dates of birth, health insurance plan enrollment information, health insurance policy numbers, medical information, driver’s license numbers, state identification card numbers, passport numbers, other government-issued identification numbers, financial account information, and payment card information.

The breach was disclosed to the Vermont Attorney General on Feb. 19, 2026. Alpine Lumber Company has also posted a notice of the data security incident on its website.

At this time, it is undisclosed how many people have been affected by this breach.

Alpine Lumber Company's response

To help protect those affected, Alpine Lumber is offering complimentary credit monitoring and identity protection services through Epiq – Privacy Solutions ID. Impacted individuals can enroll in credit monitoring, which includes three-bureau credit monitoring, credit report and score access, $1 million in identity theft insurance, identity restoration services, and dark web monitoring.

Instructions for enrollment and activation codes were provided to affected individuals in the notification letter.

Given the nature of the ransomware attack and the breadth of information accessed, it is important for affected individuals to remain vigilant. Recommended actions include:

• Reviewing account statements and free credit reports for unauthorized activity
• Placing fraud alerts or credit freezes with the major credit bureaus
• Monitoring health insurance and medical statements for unfamiliar charges
• Taking advantage of the free identity protection services offered