Compass Counseling Data Breach Affects Over 5,000 Clients

Compass Counseling Services, a mental health service provider, experienced a massive data breach impacting both personally identifiable information (PII) and protected health information (PHI). On Nov. 30, 2024, the health organization discovered unauthorized access on its network.

On Feb. 2, 2025, an investigation determined that a cybercriminal accessed certain Compass Counseling files between approximately Nov. 19, 2024 and Nov. 21, 2024. Exposed information includes: names, dates of birth, Social Security numbers, driver's license or state ID numbers, health insurance policy numbers, Medicare or Medicaid numbers, patient numbers, medical history, provider names and locations, medical diagnosis details, medical treatment information, financial account numbers, routing numbers, digital signatures, account access credentials, and other health insurance information.

The data breach affected at least 5,440 individuals. Compass Counseling published an updated Notice of Data Security incident on its website on June 16, 2025 and disclosed the data breach to the U.S. Department of Health and Human Services on July 29, 2025.

Compass Counseling Services' response

In addition to required state and federal disclosures, Compass Counseling will notify impacted individuals by mail. Compass has also set up a dedicated response line at 833-566-6959, 8:00am to 8:00pm ET, Monday through Friday.

If you receive a notice from Compass Counseling about this breach, you may want to:

• Sign up for free credit monitoring services, if offered.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

More information about the mental health organization can be found on the Compass Counseling Services website.