Ikron Corp. Data Breach Affects 11.8k Exposing Social Security Numbers

Ikron Corp., a nonprofit organization that provides behavioral health, employment and education services to youth and adults in Cincinnati, Ohio, and Seattle, Washington, disclosed a data breach that affected approximately 11,845 individuals in the United States.

The breach was disclosed to the U.S. Department of Health and Human Services on May 4, 2026. Ikron Corp. discovered the incident in February 2026 and posted a notice about the security incident on its website on May 11, 2026.

On or about Dec. 23, 2025, a ransomware attack struck Ikron Corp.'s computer network and disrupted the organization's operations, according to the company's notification. The organization did not become aware of the security incident until approximately two months later.

An investigation ultimately revealed that two separate unauthorized parties had accessed different parts of the organization's systems and extracted sensitive data.

The first unauthorized party gained access to certain Ikron Corp. servers and files, including internal documents and records, according to the notification. That party extracted administrative and employment-related information associated with current and former Ikron Corp. employees.

On or about March 4, 2026, the organization learned that a second unauthorized party had also infiltrated its network. This second party gained access to the electronic health record environment used by Ikron Corp. and extracted client health information, including protected health information associated with care provided by the organization. This intrusion also resulted in the extraction of information related to clients' vocational services.

On March 28, 2026, a ransomware group known as Exitium claimed responsibility for the attack in a posting on the dark web's tor network. The group stated it had obtained 278 GB of the organization's data and intended to publish the information within three to four days.

The personally identifiable information exposed in the breach included names, addresses, dates of birth, Social Security numbers and driver's license numbers. Protected health information exposed included clinical information, clinical notes, diagnoses, treatment plans, medical history, limited medication information, general disability-related information, health insurance information, medical record numbers and appointment and billing information.

Additional categories of information exposed included intake and assessment records, intake and enrollment information, program participation and service records, service-related notes or communications, education or work history, and information relating to employment or vocational services.

Ikron Corp.'s response

The organization is notifying affected individuals as they are identified through its ongoing review of impacted files. Ikron Corp. is offering 12 months of complimentary credit monitoring services to impacted individuals throughout the investigation.

In its notification, the organization also advised affected individuals to remain vigilant against identity theft and fraud and to review their account statements and credit reports for suspicious or unauthorized activity. Those who believe they may have been affected and would like additional information about available services are encouraged to contact the organization's dedicated toll-free helpline at 888-620-2701, available Monday through Friday from 9 a.m. to 6 p.m. Eastern Time.