Prestige Maintenance USA Data Breach Affects 65,452 People

On July 14, 2025, Plano, Texas-based Prestige Maintenance USA, discovered a major data breach that affected the personal information of 65,452 people in the United States. The breach involved unauthorized access to company data, with the ransomware group MEDUSA claiming responsibility.

According to the July 22nd disclosure filed with the Maine Attorney General’s office, the incident was first detected on Jan. 17, 2025, when Prestige Maintenance USA identified unusual activity in its cyber environment. The company immediately took steps to secure its systems and launched an investigation with the help of independent cybersecurity experts.

Disclosures were filed with the attorney general's office of California, Iowa, and New Hampshire the same day. Subsequent disclosures were filed with the Massachusetts AG's and Texas Attorney General's, which disclosed 15,360 residents have been affected in the state of Texas alone. Also in the Texas AG disclosure is that the types of information exposed include name of affected individuals, Social Security numbers, and driver’s license numbers.

The investigation revealed that certain files had been accessed without authorization, and a review concluded on July 14, 2025, identifying the individuals whose data was potentially compromised. Notably, MEDUSA ransomware operators claimed responsibility for the attack, posting about the breach on their dark web portal on Jan. 15, 2025, and threatening to publish the stolen data within eight to nine days, with sample screenshots provided as proof.

Prestige Maintenance USA's response

In response to the breach, Prestige Maintenance USA acted to secure its systems and engaged independent cybersecurity experts to investigate the incident. The company notified law enforcement and has taken steps to prevent similar incidents in the future. On July 22, 2025, Prestige Maintenance USA began sending written notifications to affected individuals, following state and federal requirements.

As part of its response, the company is offering 12 months of complimentary identity monitoring services through IDX to individuals whose information was potentially affected. This service includes credit monitoring, identity protection support, and resources to help detect and respond to possible misuse of personal information. Impacted individuals are encouraged to enroll in these services by Oct. 22, 2025.

Furthermore, Prestige Maintenance USA has provided detailed guidance on steps individuals can take to protect themselves, including reviewing account statements, placing fraud alerts or security freezes on credit files, and obtaining free credit reports from the major credit bureaus. The company also directed individuals to resources from the Federal Trade Commission and state attorneys general for additional support.

Given the nature of the breach—specifically, the use of ransomware and the threat of public data exposure—affected individuals should remain vigilant for signs of identity theft or fraud. It is important to monitor financial accounts closely, take advantage of the offered credit monitoring, and promptly report any suspicious activity to law enforcement or the appropriate authorities.

More information about the company can be found on the Prestige Maintenance USA website.