# Cardinal Services Data Breach Impacts 142,000 Individuals

Cardinal Services Inc., a staffing and HR outsourcing company based in Coos Bay, Oregon, disclosed a data breach that affected approximately 142,323 individuals in the United States, including 122 Indiana residents, 32 Massachusetts residents, 11 Maine residents and nine Vermont residents.

Cardinal Services began notifying consumers by written notice on May 20, 2026.

The breach was additionally disclosed to the California Attorney General on May 20, 2026.

Between June 25, 2025, and Aug. 8, 2025, an unauthorized access to the company's systems occurred over a period of approximately six weeks.

On July 15, 2025, the ransomware group Rhysida posted on its Tor-based dark web portal that it had obtained data from Cardinal Services and intended to publish the stolen data within six to seven days.

The types of personal information exposed in the breach included names, dates of birth, Social Security numbers, driver's license or state ID numbers, financial account information, medical information, health insurance information, digital signatures and biometric information.

Cardinal Services' response to the breach

Cardinal Services is offering complimentary credit monitoring services through Epiq Privacy Solutions ID. Each notification letter includes a unique activation code and an enrollment deadline specific to the recipient.

Cardinal Services has also established a toll-free response line for individuals who have questions about the incident. The line is available Monday through Friday from 9 a.m. to 9 p.m. Eastern Time.

The phone number for the response line is included in each person's written notification letter.