Andy Frain Services Data Breach Affects 100,964 People

In late 2024, Andy Frain Services, Inc., a leading U.S. provider of security and event staffing solutions, experienced a significant data breach that impacted over one hundred thousand people. On October 23, 2024, the company discovered unauthorized activity within its computer network, prompting an immediate investigation and response.

The breach was substantial in scale, affecting a reported 100,964 people in the United States, including 79 residents of Maine, according to the official disclosure to the Maine Attorney General’s office. The company notified consumers in writing on May 5, 2025.

The incident was caused by a ransomware attack attributed to the BlackBasta group. On November 19, 2024, BlackBasta claimed responsibility on a dark web Tor site, stating they had obtained 750 GB of data from Andy Frain Services, including accounting, human resources, legal, contracts, and payroll information. The attackers threatened to publish the data within a week if their demands were not met.

The compromised data primarily originated from human resources files stored in a network location that was accessed without authorization. The types of information exposed vary by individual but may include names, Social Security numbers, dates of birth, and other personally identifiable information (PII). There is no indication that protected health information (PHI) was involved, nor is there evidence at this time that the stolen data has been misused.

The breach was classified as a ransomware incident, with the attackers gaining access to sensitive internal files and threatening public release. The scale and nature of the data involved, along with the volume of affected individuals, underscore the seriousness of this event.

Andy Frain Services, Inc.'s response

After detecting the unauthorized activity, Andy Frain Services took immediate action to secure and remediate the compromised systems. The company engaged third-party digital forensic experts to investigate the breach, identify the scope of the incident, and enhance data security. Additional measures included hardening network defenses and increasing employee awareness training.

To support those affected, Andy Frain Services is offering complimentary credit monitoring and identity restoration services for 12 or 24 months through CyEx, a company specializing in fraud assistance and remediation. Impacted individuals can enroll using a unique activation code provided in their notification letter. The company also recommends that all affected individuals remain vigilant by monitoring their accounts, reviewing credit reports, and considering placing fraud alerts or security freezes with the major credit bureaus.

Further, Andy Frain Services has cooperated with law enforcement throughout the investigation. The company has provided detailed instructions in its consumer notice about how to protect personal information, including steps for obtaining a free credit report, placing fraud alerts or security freezes, and implementing an Identity Protection PIN (IP PIN) with the IRS to prevent tax-related identity theft.

The official notice to consumers, which outlines these resources and additional steps, will be available at the bottom of this article’s page in PDF format.

For more information about the company, visit the Andy Frain Services website.