.png)
Operation Par confirms data breach and exposure of social security numbers
Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info
On June 10, 2025, Florida-based Operation Par Inc., discovered a data breach. According to the official security incident notification, the organization learned that an unauthorized party, which ended up being a ransomware group, had gained access to sensitive information.
The breach was significant in scope: the threat actor, a group known as Worldleaks, claimed responsibility and posted about the incident on the dark web on July 2, 2025. They alleged to have accessed and exfiltrated 485.2 GB of data, including 898,100 files.
The information exposed in this breach includes personally identifiable information (PII) such as names, addresses, dates of birth and Social Security numbers, as well as protected health information (PHI) including health insurance details.
The severity of this incident is heightened by the nature of the data involved. The combination of PII and PHI places affected individuals at a higher risk for identity theft and medical fraud.
Operation Par's response
In response to the breach, Operation Par immediately launched a thorough investigation and engaged leading third-party cybersecurity professionals to assist in determining the scope of the incident. The organization has also taken steps to enhance its cybersecurity measures and continues to evaluate and modify its practices to better protect personal information.
For those potentially affected, Operation Par has set up a dedicated toll-free response line at 877-495-0947, available Monday through Friday, 9 a.m. to 9 p.m. Eastern time, to answer questions and provide additional information. The organization urges clients and employees to remain vigilant by regularly reviewing financial account statements and explanation of benefits statements from health insurance providers.
To further protect themselves, individuals are encouraged to:
- Place a one-year fraud alert on their credit files with any of the three major credit bureaus
- Consider placing a security freeze on their credit reports, which restricts access to their credit information
- Obtain and review free annual credit reports from each of the three credit bureaus
- Monitor health insurance statements for unfamiliar claims or services
- Report any suspicious activity to law enforcement and file a police report if necessary
Protect Your Data
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.
Data Breach Settlements
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
Subscribe to our weekly class actions newsletter.
.svg)