PRSA Confirms Data Breach Exposed Social Security Numbers

In September 2025, the Public Relations Society of America was the victim of a ransomware attack carried out by the Sinobi group, who claimed responsibility for infiltrating PRSA’s computer systems and exfiltrating approximately 800 GB of sensitive organizational data. The attackers announced their intent to publish the stolen data within a week on a dark web forum.

Upon discovering suspicious activity in their computer systems, PRSA began an investigation and took steps to contain the situation. It was determined that an unauthorized actor had gained access to PRSA’s server environment and copied a limited but sensitive amount of data.

The breach exposed names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account information, health insurance information, medical condition or treatment information, user names and access information, and student identification card numbers.

While the total number of affected individuals nationwide has not been disclosed as of publishing, PRSA reported to the Massachusetts Office of Consumer Affairs and Business Regulation that nine residents of Massachusetts were impacted.

PRSA's response

For those impacted, PRSA has arranged complimentary identity monitoring services through Kroll, a global leader in risk mitigation and response. These services include credit monitoring, fraud consultation and identity theft restoration for a specified period. Affected individuals are encouraged to activate their monitoring services by following the instructions provided in their notification letter.

Given the nature of the breach, PRSA strongly recommends that all affected individuals remain vigilant against potential identity theft and fraud.

Recommended steps include:

• Regularly monitoring free credit reports from each of the three major credit bureaus
• Reviewing account statements for suspicious activity
• Placing a fraud alert or security freeze on credit files if appropriate
• Reporting any signs of identity theft to financial institutions and law enforcement

Further guidance and contact information for credit bureaus, the Federal Trade Commission and state attorney general offices are included in the official consumer notice, which is available in PDF format at the bottom of this page.