Oglethorpe, Inc. Data Breach Affects 92,332 Individuals & Exposes Social Security Numbers

On June 6, 2025, Oglethorpe, Inc., a healthcare management company specializing in behavioral health and addiction recovery, experienced a cyberattack. An investigation determined that a threat actor gained access to the company's internal network and obtained files containing sensitive information during the breach.

According to reports, the cyberattack compromised at least 92,332 individuals. Compromised information included names, dates of birth, Social Security numbers, driver's license numbers and medical information. The combination of both personally identifiable information (PII) and protected health information (PHI) puts patients and staff at risk for identity theft and both medical and financial fraud.

Oglethorpe disclosed the cybersecurity incident to the Maine Attorney General's office, the Montana Attorney General and the New Hampshire Attorney General on Oct. 31, 2025, reporting 85 Maine, 89 New Hampshire and 11 Montana residents affected. The company also published a substitute data security incident notice on its website and has begun notifying impacted individuals by mail.

The data breach was subsequently reported to the Massachusetts Attorney General (285 residents affected) on Nov. 3, 2025, then the Texas Attorney General (274 residents affected) and Vermont Attorney General on Nov. 4, 2025.

Oglethorpe's response

In response to the breach, Oglethorpe engaged forensic experts and began wiping and rebuilding affected systems. The company also notified the FBI. In addition to required state and federal disclosures, Oglethorpe is also providing affected individuals 12 free months of TransUnion Cyberscout single-bureau credit monitoring services.

If you receive a notice from Oglethorpe about this breach, you may want to:

• Sign up for the free credit monitoring services, provided by the healthcare organization.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.