.png)
PROVAIL Discloses 2023 Data Breach that Exposed Social Security Numbers
Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info
On June 8, 2023, PROVAIL, a nonprofit disability service provider in the Puget Sound region, discovered a data breach. The breach occurred between May 27 and June 8, 2023, and involved unauthorized access to PROVAIL’s systems. During this period, sensitive information was exposed, including both personally identifiable information (PII) and protected health information (PHI).
The types of information compromised in this incident include names, addresses, Social Security numbers, dates of birth, demographic details, driver’s license numbers, financial information such as credit card or bank account numbers, claims information, diagnosis and condition details, medications, visit locations, and other treatment and clinical information.
PROVAIL reported the breach to the U.S. Department of Health and Human Services on August 8, 2025. You can view the disclosure on the HHS breach portal. Additionally, PROVAIL published a data event notice on their website to inform affected individuals and provide further guidance.
PROVAIL's response
After discovering the breach, PROVAIL initiated an internal investigation to determine the scope and impact of the incident. The organization notified affected individuals and provided resources to help them monitor and protect their personal information. While specific details about the steps taken have not been disclosed, it is common for organizations in these situations to offer credit monitoring, identity theft protection, and guidance on how to detect and respond to potential misuse of personal and health information.
Given the sensitive nature of the data exposed, including Social Security numbers, financial account details, and health information, affected individuals are encouraged to remain vigilant. Steps that can be taken include monitoring credit reports, reviewing account statements for unauthorized activity, placing fraud alerts or credit freezes with major credit bureaus, and watching for signs of medical identity theft.
Protect Your Data
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.
Data Breach Settlements
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
Subscribe to our weekly class actions newsletter.
.svg)