Drivestream Data Breach: SSNs & Financial Information Exposed

Management and IT consulting firm, Drivestream Inc., experienced a significant data breach. In Dec 2024, the company detected that an unauthorized cybercriminal accessed its systems between Dec. 4 and Dec. 8, 2024. An investigation revealed that files containing sensitive information were breached as a result of a ransomware attack carried out by the hacker group known as Akira.

The exposed information included personally identifiable information (PII) such as name, address, phone number, government-issued ID numbers, Social Security number and financial account information. The attackers stated they had obtained approximately 80 GB of data.

Beginning on Nov. 17, 2025, the company began disclosing the breach to the Attorney Generals' offices in Maine, New Hampshire, Vermont and Massachusetts. Additional states may be notified in the future.

Drivestream began notifying affected customers on Jan. 10, 2025, and provided the results of its data review to customers starting Aug. 6, 2025.

Drivestream's response

Upon discovering the breach, Drivestream took swift action to secure its computer systems and launched a comprehensive investigation and notified law enforcement. The company is also offering impacted individuals 12 free months of Epiq credit monitoring and identity protection services.

If you receive notification from Drivestream about this breach, you may want to:

• Sign up for the free credit monitoring services, offered by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

The company has also established a dedicated assistance line for individuals with questions at 877-396-3249, available Monday through Friday, 9:00 a.m. to 9:00 p.m. ET.