Pritchard Brown Data Breach: PHI and PII Exposed

Pritchard Brown LLC, a Baltimore-based manufacturer of custom protective enclosures and fuel tank bases, disclosed a data breach that occurred in the fall of 2025, so far affecting four Massachusetts residents.

The breach has been reported to the Massachusetts Office of Consumer Affairs and Business Regulation. Pritchard Brown began notifying affected individuals in letters dated April 10, 2026.

What happened in the Pritchard Brown data breach

Pritchard Brown detected unauthorized access to its network on or about Oct. 14, 2025. The investigation determined that the unauthorized access occurred over a period of approximately one month, between on or about Sept. 16, 2025, and Oct. 15, 2025.

Shortly after the company detected the intrusion, a ransomware group known as Interlock posted a claim on the Tor network on Oct. 29, 2025, taking responsibility for the attack. The group claimed to have obtained 1.3 terabytes of data allegedly belonging to Pritchard Brown.

The leaked files reportedly contained over 1.7 million documents across more than 200,000 folders, including technical designs, project documentation, contracts and internal records.

After the unauthorized access was detected, Pritchard Brown launched a forensic investigation. Following an extensive review of the evidence and affected documents, the company discovered on March 17, 2026, that certain files containing personal information may have been subject to unauthorized access or acquisition, according to the notification letter.

The types of personal information potentially exposed included full names, Social Security numbers, driver's licenses, financial account information and medical records.

Pritchard Brown's response to the breach

Pritchard Brown is offering affected individuals complimentary credit monitoring services at no charge. The services include single bureau credit monitoring, a single bureau credit report and a single bureau credit score, provided through Cyberscout, a TransUnion company specializing in fraud assistance and remediation services.

To enroll, affected individuals need to use the unique code included in their notification letter within 90 days of the letter's date.

The company has also set up a dedicated and confidential call center for individuals with questions about the incident. The response line is available for 90 days from the date of the notification letter, between 8 a.m. and 8 p.m. Eastern time, Monday through Friday, excluding holidays.

Steps to take if your information was exposed

• Place a fraud alert or security freeze on credit files by contacting Equifax (1-888-298-0045), Experian (1-888-397-3742) or TransUnion (1-800-916-8800) to help prevent unauthorized accounts from being opened.
• Review credit reports for unfamiliar accounts or inquiries by requesting free copies at AnnualCreditReport.com and looking for anything unrecognized.
• Monitor financial account statements carefully for any unauthorized transactions, since financial account information was among the data potentially exposed in this breach.
• Review Explanation of Benefits statements from health insurance providers for services not received, since medical records were among the types of information involved.
• Contact your state DMV about driver's license protections since driver's license information was included in the exposed data, and ask about available safeguards such as a replacement license.
• Be cautious of phishing attempts that reference Pritchard Brown or this data breach by name, as scammers may try to exploit the situation to collect additional personal information.