BFC Solutions Data Breach Affects 8,371 Individuals

BFC Solutions, preventive maintenance services provider for commercial HVAC systems, has experienced a data breach affecting thousands of individuals across the United States. The cybersecurity incident occurred following a network disruption that took place between June 18, 2024, and June 20, 2024.

An investigation determined that unauthorized actors gained access to certain BFC Solutions systems and both personally identifiable information (PII) and protected health information (PHI) were compromised. Exposed information includes names, dates of birth, Social Security numbers, driver's license or state ID numbers, health insurance information, medical information and financial information.

BFC Solutions disclosed the data breach to the Maine, Massachusetts and Texas Attorney Generals' offices beginning on Aug. 14, 2025. The cybersecurity incident impacted at least 8,371 individuals, including 838 Texas residents, 100 in Massachusetts and 14 in Maine.

The breadth of information accessed, including both PII and PHI, raises the risk of identity theft, financial fraud and medical identity theft. The company began notifying affected individuals on Aug. 14, 2025.

BFC Solutions' response

BFC Solutions is offering complimentary credit monitoring, credit reports and credit score services for 12 months through Cyberscout, a TransUnion company. These services include alerts for changes to credit files, as well as proactive fraud assistance and remediation support.

If you receive a data breach notice from BFC Solutions, you may want to:

• Sign up for the free TransUnion Cyberscout credit monitoring services, offered by BFC Solutions.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information about the company, visit BFC Solutions’ website.