Earthbound Holding Data Breach Affects 6k: PII Exposed

On Dec. 18, 2025, Earthbound Holding LLC, the Texas-based parent company of Earthbound Trading Co., detected unusual activity on its computer network. The breach affected a total of 6,766 individuals across the United States, including 1,866 in Texas, 221 Indiana residents, 66 Massachusetts residents, 33 Maine residents, and 26 New Hampshire residents.

The company took steps to secure their systems and launched an investigation with cybersecurity experts. The investigation revealed that, on or around Dec. 18, 2025, certain data had been acquired without authorization.

After a thorough review, Earthbound confirmed on March 6, 2026, that personal information had been impacted.

The information exposed in this incident included names, Social Security numbers, addresses, government-issued IDs, and dates of birth for current and former employees. This type of data is considered personally identifiable information (PII) and can be particularly sensitive due to the risk of identity theft.

Earthbound notified the Indiana Attorney General, Maine Attorney General, Massachusetts Attorney General, New Hampshire Attorney General, Texas Attorney General, and the Vermont Attorney General about the breach starting on March 12, 2026. The company also sent written notices via USPS First Class Mail to affected individuals on the same day.

Earthbound's response

To help protect affected individuals, Earthbound is offering 12 months of complimentary identity protection services through Cyberscout, a TransUnion company. These services include credit monitoring, dark web monitoring, a $1 million identity fraud loss reimbursement policy and fully managed identity theft recovery services.

Affected individuals are encouraged to enroll in these complimentary services within 90 days of receiving their notification letter. Earthbound has also established a toll-free call center for questions and support related to the breach.

Given the exposure of Social Security numbers, those affected should remain vigilant by monitoring their financial accounts, reviewing credit reports and considering placing a fraud alert or security freeze on their credit files.

Earthbound’s notice also provides information on how to obtain an IRS Identity Protection PIN and outlines additional steps to protect personal information.