Rainier Research Data Breach Impacts Hundreds: SSNs Exposed

Rainier Clinical Research Center, a clinical research facility in Renton, Washington, disclosed a data breach that affected at least 650 Washington residents.

The breach was connected to a security incident at the company's IT managed service provider, which has not been publicly identified. An unauthorized actor gained access to the company's systems over a four-day window from Jan. 15 through Jan. 18, 2026. During this period, the intruder was potentially able to access and acquire personal information stored on the company's systems.

On Feb. 23, 2026, the ransomware group known as INC Ransom posted a claim of responsibility on the dark web. The group claimed it had obtained 187 GB of the organization's data.

A forensic investigation determined that the types of personal information potentially acquired during the breach included names, driver's licenses and Social Security numbers.

Rainier Clinical Research Center began notifying affected individuals by mail on April 6, 2026.

Rainier Clinical Research Center's response to the breach

Rainier Clinical Research Center is offering all affected individuals 12 months of free identity monitoring services through Kroll. The services include single bureau credit monitoring, unlimited fraud consultation and identity theft restoration services.

Affected individuals can activate their monitoring services by visiting the Kroll enrollment page and entering the membership number included in their notification letter. The deadline to enroll is specified in each individual's letter.

The company has also set up a toll-free call center at 844-403-4526 to answer questions and assist with enrollment and fraud consultation. The call center is available Monday through Friday, excluding major U.S. holidays, from 9 a.m. to 6:30 p.m. Eastern time.

Steps to take if your information was exposed

• Place a credit freeze with Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-800-680-7289) to block new accounts from being opened using stolen personal information.
• Request free credit reports at AnnualCreditReport.com and review them closely for any unfamiliar accounts or credit inquiries.
• Consider placing a fraud alert with one of the three major credit bureaus, which will require creditors to take extra verification steps before opening new accounts.
• Monitor bank and financial account statements for any unauthorized transactions or suspicious activity, and report concerns to the appropriate financial institution.
• Be cautious of phishing attempts that reference Rainier Clinical Research Center or this data breach by name, as scammers may try to exploit the situation through fake emails, calls or letters.
• Report suspected identity theft to local law enforcement and the Federal Trade Commission at 1-877-438-4338.