Builders FirstSource Data Breach Exposes Health Information for Individuals

Builders FirstSource Flex Plan, an entity connected to the building materials company Builders FirstSource Inc., disclosed a data breach that affected 1,514 individuals in the United States.

The breach was reported to the U.S. Department of Health and Human Services on Feb. 18, 2026, as required for breaches involving protected health information.

The breached entity is listed specifically as Builders FirstSource Flex Plan, though details about the nature and purpose of this plan are not publicly available in the company's online materials.

What happened in the Builders FirstSource Flex Plan data breach

Before the breach was officially reported to federal regulators, a threat actor known as Leaknet posted a claim on the dark web on Dec. 30, 2025. Leaknet alleged that it had obtained data from Builders FirstSource and stated it intended to publish the stolen information within one day.

The exact timeline of when the unauthorized access first occurred, how long it lasted and when the company first discovered the breach has not been detailed in available public filings.

Because the incident was disclosed to the HHS, it involved protected health information. However, the specific types of personal or health information that were exposed in this breach have not been itemized in publicly available disclosures.

Builders FirstSource Flex Plan's response to the breach

Affected individuals should watch for direct communication from Builders FirstSource Flex Plan in the mail. Breach notification letters provide specific details about what data was involved, what the organization is doing in response, and what resources are being offered to help protect those who were affected.

Anyone who believes they may have been affected by this breach and has not yet received a notification letter may want to contact Builders FirstSource directly for more information.

Steps to take if affected by the Builders FirstSource Flex Plan data breach

• Review health insurance statements carefully. Check Explanation of Benefits statements and other health plan documents for any services, claims or charges that are unfamiliar or were not authorized.
• Monitor credit reports regularly. Request free credit reports at AnnualCreditReport.com and review them for any accounts, hard inquiries or other activity that is not recognized.
• Consider placing a fraud alert or credit freeze. Contact Equifax (1-800-525-6285), Experian (1-888-397-3742) or TransUnion (1-800-680-7289) to add a layer of protection to credit files.
• Be cautious of phishing attempts. Watch for suspicious emails, phone calls or text messages that reference Builders FirstSource or this data breach by name, as scammers sometimes use real breach events to trick people into sharing additional personal information.
• Watch for signs of medical identity theft. Be alert for unexpected medical bills, unfamiliar prescriptions or notices from a health insurer about services that were never received.
• Report suspicious activity promptly. If unusual charges, unfamiliar accounts or other signs of identity theft appear, report them to the appropriate financial institution, health insurer or the Federal Trade Commission at IdentityTheft.gov.