Johnson Controls Data Breach Exposes Employees' Sensitive Information

On February 1, 2023, Johnson Controls International plc, a global leader in building products and solutions, experienced a major data breach. The incident was later disclosed to state authorities in California, Texas, and Vermont on June 30 and July 1, 2025. According to official filings, the breach affected at least 38,037 individuals in Texas alone, with additional impacts likely in other states.

The breach involved unauthorized access to internal systems, resulting in the exposure of personal information. The types of consumer information exposed included personal information provided to the company by employees, contract workers, and while in the job application process.

While the specific method of intrusion and the identity of the perpetrators have not been publicly detailed, the nature of the exposed information suggests that personally identifiable information (PII) was compromised. There is no indication that protected health information (PHI) was involved.

The breach was reported to the California Attorney General, the Texas Attorney General, and the Vermont Attorney General, following regulatory requirements. Johnson Controls also posted a notice for affected individuals on their dedicated FAQ page.

Johnson Controls's response

In response to the breach, Johnson Controls provided notification to affected consumers via U.S. Mail and by posting information on a special section of their website. The company’s FAQ page offers guidance for those impacted, outlining recommended steps to protect personal information. If you received a notice, it is important to remain vigilant by monitoring your financial accounts and credit reports for suspicious activity.

Given the exposure of names and other personal details, affected individuals should be cautious of potential phishing attempts or fraudulent communications that may reference the breach. While no financial or health data has been reported as compromised, it is wise to use strong, unique passwords for your accounts and consider placing a fraud alert or credit freeze with the major credit bureaus if you have concerns about identity theft.

For more information, visit the Johnson Controls website.