Home
>
Data Breach>Morton Drug

Morton Drug Company Data Breach Impacts 40K: SSNs & Names Exposed

Published
December 3, 2025
Updated
December 3, 2025
Morton Drug Company Data Breach Impacts 40K: SSNs & Names Exposed
Morton Drug
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

Morton Drug

data breach?

Join the Lawsuit

It's free to join. 

On Nov. 7, 2025, Morton Drug Company, an independent pharmacy, announced it had experienced a significant network cybersecurity incident. The breach, which was first discovered on Aug. 20, 2025, impacted the company’s IT systems and led to the exposure of sensitive personally identifiable information (PII) and protected health information (PHI) of 40,051 individuals in the U.S.

The investigation, which concluded on or around Oct. 21, 2025, determined that the types of information exposed included names, addresses, prescription information, and, in some cases, Social Security numbers. The exact methods of the breach are not yet publicly known. However, the type of data exfiltrated and the number of people impacted suggests that this is a serious cybersecurity incident. As such, the exposure of PII and PHI puts individuals at risk of identity theft and medical fraud.

The company posted a notice of data security incident on its website on Nov. 7, 2025 and reported it to the U.S. Department of Health and Human Services on Nov. 10, 2025.

Morton Drug Company's response

Upon discovering the breach, Morton Drug Company immediately engaged third-party cybersecurity experts to assess, contain and remediate the incident. Law enforcement was also notified to assist in the investigation. The company has since reviewed and strengthened its information security protocols to help prevent similar incidents in the future.

If you receive notification from Morton Drug Company or your provider about this breach, you may want to:

  • Sign up for the free identity theft protection services, if offered by Morton Drug Company.
  • Monitor your credit reports and financial accounts for any unusual activity.
  • Be alert for phishing emails or phone calls that may use your exposed information.
  • Consider placing a fraud alert or credit freeze with major credit bureaus.

For those affected, Morton Drug Company established a dedicated call center to answer questions and provide support. Individuals can reach the call center at 1-833-594-0797 from 8 a.m. to 8 p.m. ET, Monday through Friday.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Sources

Disclosures

Breach Summary

Affected Entity
Morton Drug
Consumers Notification date
Date of Breach
Breach Discovered Date
August 20, 2025
Total People Affected
Information Types Exposed
  • names
  • addresses
  • prescription information
  • social security numbers

Data Breach Settlements

Sweetwater Union High School District Data Breach Settlement
Hypertension Nephrology Associates Data Breach Settlement
Progressive Leasing $3.25M Data Breach Settlement
Dakota Eye Institute $1M Data Breach Settlement
RIBridges $6.3M Data Breach Class Action Settlement
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image

What to Read Next

Maine State Credit Union Breach Impacts 38,334 in Maine
December 3, 2025
Maine State Credit Union Breach Impacts 38,334 in Maine
BayFirst Data Breach Exposes DOBs & SSNs
December 3, 2025
BayFirst Data Breach Exposes DOBs & SSNs
Cape Cod Five Data Breach Compromises SSNs & Dates of Birth
December 3, 2025
Cape Cod Five Data Breach Compromises SSNs & Dates of Birth
Thomas Safran & Associates Data Breach Compromises SSNs & Names
December 3, 2025
Thomas Safran & Associates Data Breach Compromises SSNs & Names