Carlson Maintenance Breach Exposes Social Security Numbers

Carlson Building Maintenance Inc., a Minnesota-based company that provides commercial cleaning and floor maintenance services for large retail and educational clients, disclosed a data breach linked to a ransomware attack that occurred in September 2025.

The breach was reported to the Iowa Attorney General on April 3, 2026, with 1,118 Iowa residents identified as affected. Carlson began sending written notification letters to affected individuals on or about April 3, 2026.

What happened in the Carlson Building Maintenance data breach

An unauthorized actor gained access to Carlson's network on Sept. 22, 2025. During that time, the intruder viewed or took certain files stored on the network.

On Oct. 10, 2025, the ransomware group known as Akira claimed responsibility for the attack in a posting on the Tor network. The group stated it had obtained 20 GB of Carlson's data.

According to the dark web posting, the stolen data included financial documents such as audit records, payment details, financial reports and invoices. The group also claimed to have employee and customer information, including passports, driver's licenses, email addresses and phone numbers, along with other confidential documents containing personal information.

Carlson worked with third-party forensic specialists to investigate the incident. The company completed a review of the affected files and determined that the personal information subject to the unauthorized access included names, Social Security numbers and dates of birth.

Carlson Building Maintenance's response to the breach

Carlson is offering affected individuals 12 months of free credit monitoring services through Cyberscout, a TransUnion company specializing in fraud assistance and remediation. The services include single bureau credit monitoring, a single bureau credit report and a single bureau credit score.

Affected individuals can enroll by visiting the Cyberscout activation page and entering the unique code included in their notification letter. Enrollment must be completed within 90 days of the date of the letter.

Carlson also reported the breach to the three major credit reporting agencies: Equifax, Experian and TransUnion. The company noted it is providing written notice to relevant state regulators as necessary.

For individuals with additional questions or concerns, Carlson has set up a dedicated toll-free assistance line at 1-833-289-6643. The line is available Monday through Friday from 8:00 a.m. to 8:00 p.m. ET, excluding major U.S. holidays. Affected individuals may also write to Carlson at 1857 Buerkle Rd., White Bear Lake, MN 55110.

Steps to take if your information was exposed

• Place a credit freeze or fraud alert with Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-833-799-5355) to help prevent new accounts from being opened using stolen information.
• Request free credit reports at AnnualCreditReport.com and review them carefully for any accounts or inquiries that look unfamiliar.
• Monitor financial accounts closely for the next 12 to 24 months by checking bank and credit card statements regularly for unauthorized transactions.
• Report suspected identity theft to local law enforcement, the relevant state attorney general and the Federal Trade Commission at IdentityTheft.gov or 1-877-438-4338.
• Be cautious of phishing attempts that reference Carlson Building Maintenance or this data breach by name, as scammers sometimes use breach notifications to trick people into sharing additional personal details.