Easterseals NE Indiana Data Breach: PII and PHI Exposed

Easterseals Northeast Indiana, a nonprofit organization serving individuals with disabilities and their families, recently experienced a data breach involving sensitive personal and health information. On Sept. 4, 2025, the organization discovered suspicious activity within its network environment and took steps to secure its systems.

Initially, there was no indication that protected health information (PHI) had been compromised. However, on Nov. 10, 2025, further investigation revealed that an unauthorized party had accessed and acquired PHI from the organization’s systems.

The breach was linked to a ransomware attack carried out by the threat actor known as INC RANSOM. On Nov. 10, 2025, the group claimed responsibility for the incident on the dark web, stating they had obtained 405 GB of organizational data.

The types of information exposed varied by individual but may have included first and last name, Social Security number, health insurance information, medical diagnostic and treatment information, contact information, and date of birth.

Easterseals Northeast Indiana published a notice of the data breach via ACCESS Newswire.

Easterseals Northeast Indiana's response

For individuals whose Social Security numbers were involved, Easterseals Northeast Indiana is offering complimentary credit monitoring services through Cyberscout, a TransUnion company. Additionally, the organization has established a toll-free call center at 1-855-522-0942 to answer questions and provide assistance related to the incident.

Affected individuals should take the following steps:

• Enroll in the free credit monitoring service offered if notified their Social Security number was involved
• Monitor financial accounts, insurance statements, and medical records for any unusual activity
• Consider placing a fraud alert or security freeze with credit bureaus
• Be alert for phishing attempts or suspicious communications referencing the breach