Echo Design Group Data Breach Affects HR Documents

The Echo Design Group, Inc., a graphic design and digital marketing firm based in Illinois, recently experienced a data breach affecting affecting residents in Vermont and Massachusetts. The cybersecurity incident exposed sensitive personally identifiable information (PII).

According to the notice, the incident involved the unauthorized copying of certain human resources and accounting documents. As a result, the personal information of certain individuals was exposed, including names, Social Security numbers, driver’s license numbers, credit and debit card numbers, and financial account information.

The breach was reported to the Massachusetts Attorney General’s office on Nov. 21, 2025, and to the Vermont Attorney General’s office on Nov. 24, 2025. The company’s notice indicates that the documents were copied without permission, but it does not specify whether this was due to an external cyberattack, insider threat, or another method. The exposure of PII puts individuals at risk of identity theft and financial fraud.

Echo Design Group's response

After completing its review of the incident, Echo Design Group took steps to notify affected individuals and provide resources to help protect their identities. The company is offering complimentary credit monitoring and identity protection services through Cyberscout, a TransUnion company, for twenty-four months.

If you receive notification from The Echo Design Group about this breach, you may want to:

• Sign up for the free Cyberscout identity theft protection services, offered by Echo Design Group.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For affected individuals with questions, Echo Design Group has set up a call center at 1-800-405-6108, Monday through Friday, 8 a.m. to 8 p.m. ET.