Grayback Forestry Data Breach exposes PII of 5k

Grayback Forestry Inc., a wildfire suppression and forest restoration company headquartered in Merlin, Oregon, disclosed a data breach that occurred in early January 2026 and affected approximately 5,026 individuals in the United States.

The breach was disclosed to the Maine Attorney General on March 13, 2026, with four Maine residents identified as affected. Filings made the same day identified six Massachusetts residents and four New Hampshire residents as affected.

The breach was also reported to attorneys general in Oregon and Vermont.

Grayback Forestry completed its review of the affected data on Feb. 20, 2026, and began notifying consumers in writing on March 13, 2026.

What happened in the Grayback Forestry data breach

On Jan. 6, 2026, Grayback Forestry became aware of suspicious activity within its computer systems. Upon discovering the activity, the company said it took steps to secure its systems. Grayback Forestry also engaged external cybersecurity specialists to conduct a full investigation into the nature, scope and impact of the event.

The investigation confirmed that an unauthorized actor gained access to certain Grayback Forestry computer systems and likely copied files from those systems between Jan. 5, 2026, and Jan. 6, 2026.

Following this discovery, the company undertook a review to determine whether the affected files contained sensitive personal information and to identify the specific individuals whose data was involved in the breach. Individuals received notice because the review determined that their information was present in the files that were accessed and potentially copied.

The types of personal information exposed in the breach included names and Social Security numbers. The specific types of information affected varied from person to person, according to the company's notice to consumers.

Grayback Forestry's response to the breach

As part of its response to the breach, the company stated it has reviewed its existing policies and procedures and implemented additional security measures to help prevent similar incidents in the future.

Grayback Forestry is offering all affected individuals 24 months of complimentary credit monitoring and identity restoration services through CyEx's Financial Shield Complete product at no cost.

To enroll in the credit monitoring services, affected individuals should visit the Financial Shield enrollment page and enter the unique activation code that was included in their written notification letter. The deadline to enroll is June 11, 2026.

Grayback Forestry has set up a dedicated assistance line for individuals who have questions about the breach or need help with the enrollment process. Affected individuals can call 844-953-0827 or write to the company at P.O. Box 838, Merlin, OR 97532.

Steps to take if your information was exposed

• Place a credit freeze on your credit file by contacting Equifax (888-298-0045), Experian (888-397-3742) and TransUnion (833-799-5355) to help prevent new accounts from being opened using your personal information.
• Consider placing a fraud alert with one of the three major credit bureaus, which will require businesses to take extra steps to verify your identity before extending new credit in your name.
• Request your free credit reports at AnnualCreditReport.com or by calling 877-322-8228, and review them carefully for any accounts or activity you do not recognize.
• Monitor your financial accounts closely over the next 12 to 24 months for any unauthorized transactions or unfamiliar activity, and report anything suspicious to your financial institution immediately.
• Watch for phishing attempts that reference Grayback Forestry or this data breach by name, as scammers sometimes use real breach notifications to trick people into sharing additional personal information.
• Report suspected identity theft to the Federal Trade Commission at identitytheft.gov or 877-438-4338 and to your state attorney general.