
Easypak, a thermoformed plastic packaging manufacturer based in Leominster, Massachusetts, disclosed a data breach that may have compromised the personal information of individuals connected to the company. The company, which operates under the legal name G-Pak Holdings LLC, produces packaging for the food, consumer goods, medical and industrial sectors.
Easypak discovered unauthorized access to its computer network on or about Jan. 13, 2026. On Jan. 29, 2026, a ransomware group known as Akira posted a claim on the dark web using the Tor network. The group claimed to have obtained 67 gigabytes of Easypak's corporate data.
The investigation into the breach concluded on June 8, 2026, which confirmed that certain files containing personally identifiable information may have been accessed without authorization.
The types of personal information exposed included full names, Social Security numbers, driver's license information, financial account data and medical records.
So far, at least 217 Massachusetts residents were identified as affected.
The company is offering affected individuals complimentary credit monitoring services as a precautionary measure. Enrollment instructions for the credit monitoring services were included in the notification letters sent to affected individuals.
The company's notification also included detailed guidance on additional protective measures such as instructions on placing fraud alerts and security freezes with the three major credit bureaus and outlined steps for obtaining free credit reports.
Easypak set up a dedicated call center for individuals with questions about the incident. Those who received a notification letter can reach the response line at 978-537-5683, Ext. 1003, between 8 a.m. and 8 p.m. Eastern Time, Monday through Friday, excluding holidays. The call center will remain available for 90 days from the date of each individual's notification letter.








.webp)
.webp)
.webp)

.webp)
.webp)
.webp)
.webp)