Home
>
Data Breach>FedEx

FedEx Data Breach Exposes Sensitive Protected Health Information (PHI)

Published
December 22, 2025
Updated
December 22, 2025
FedEx Data Breach Exposes Sensitive Protected Health Information (PHI)
FedEx

Affected by the

FedEx

data breach?

Join the Lawsuit

On Dec. 1, 2025, FedEx Corporation Group Health Plan disclosed a cybersecurity incident that has potentially compromised personally identifiable information (PII) and protected health information (PHI) of at least 1,066 individuals across the U.S.

The breach involved sensitive information related to the group health plan for active employees of FedEx Corp., which provides medical, dental, vision and related benefits, as well as COBRA continuation coverage for former employees.

While specific details about the method and timeline of the breach have not been publicly released, the notification confirms that sensitive information was compromised. This may include names, contact information, Social Security numbers, medical plan details, health claims, and possibly dependent information, given the nature of the group health plan.

The company disclosed the data breach to the U.S. Department of Health and Human Services on Dec. 1, 2025.

FedEx Corporation Group Health Plan's response

In response to the breach, FedEx Corporation Group Health Plan has notified federal authorities and is expected to contact affected individuals directly. While the company has not publicly detailed its mitigation steps, organizations in similar situations typically offer credit monitoring or identity protection services to those whose sensitive data has been exposed.

Affected individuals should be vigilant for suspicious activity, including unexpected communications from health care providers or insurance companies, and should monitor their credit reports closely.

Given the involvement of both PII and PHI, it is especially important for affected individuals to review their health insurance statements and medical bills for unfamiliar charges. If suspicious activity is detected, it should be reported to the insurance provider and the Federal Trade Commission. Those affected by the breach may also wish to place a fraud alert or credit freeze with major credit bureaus as a precaution.

Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info
  • Affected information types not yet disclosed

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Sources

Disclosures

Breach Summary

Affected Entity
FedEx
Consumers Notification date
Date of Breach
Breach Discovered Date
Total People Affected
Information Types Exposed

Data Breach Settlements

LifeBridge Health Inc. $575,000 Data Breach Settlement
Alabama Cardiology Group $2.2M Data Breach Settlement
Carolina Arthritis Associates $600K Data Breach Settlement
Consulting Radiologists $2.2M Data Breach Settlement
Idaho National Laboratory Data Breach Class Action Settlement
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image

What to Read Next

University of Phoenix Data Breach Affects 3.5 Million
December 22, 2025
University of Phoenix Data Breach Affects 3.5 Million
Outdoor Smart! (Campfire Collective) Data Breach Affects 19,864 People
December 22, 2025
Outdoor Smart! (Campfire Collective) Data Breach Affects 19,864 People
Ochsner LSU Health Data Breach Impacts 4,519 Individuals
December 22, 2025
Ochsner LSU Health Data Breach Impacts 4,519 Individuals
Baker University Data Breach Exposes Sensitive PII & PHI of 53K
December 19, 2025
Baker University Data Breach Exposes Sensitive PII & PHI of 53K