ScrogginsGrear Data Breach Exposes PHI and PII for 8,919 Individuals

ScrogginsGrear Inc., a Cincinnati-based financial services and consulting firm, experienced a data breach in August 2025 that affected 8,919 individuals in the United States, including four Maine residents.

The breach was disclosed to the Maine Attorney General. The company has also posted a notice about the incident on its website.

ScrogginsGrear is notifying affected individuals by written letter dated April 7, 2026.

What happened in the ScrogginsGrear data breach

ScrogginsGrear discovered the incident on Sept. 10, 2025, when it detected potentially anomalous activity in its email tenant, which is the company's cloud-based email environment. Upon learning of the incident, the company launched an investigation and engaged cybersecurity experts to help understand the scope of the issue.

The investigation revealed that an unknown third party gained unauthorized access to a single employee email account within the company's email system on Aug. 25, 2025.

According to the company's findings, besides the one mailbox, no other systems or email accounts were affected. The identity of the person or group responsible for the unauthorized access has not been disclosed.

Following a thorough and comprehensive review of the affected mailbox and all of the information it contained, the company determined that personal information belonging to affected individuals may have been exposed. Once that effort was complete, ScrogginsGrear began the process of preparing notifications for those whose data was involved.

The compromised personally identifiable information included names, dates of birth, Social Security numbers or individual taxpayer ID numbers, driver's license or state ID numbers, and financial or bank account numbers.

Protected health information was also exposed including health insurance individual policy numbers and patient account numbers.

ScrogginsGrear's response to the breach

ScrogginsGrear is offering affected individuals 12 months of complimentary credit monitoring through Cyberscout, a TransUnion company.

The services include single bureau credit monitoring, a single bureau credit report, a single bureau credit score and proactive fraud assistance. These services are designed to help affected individuals detect potential misuse of their personal information. The monitoring will send alerts when changes occur on the enrolled individual's credit file, with notifications delivered the same day a change takes place.

To enroll, affected individuals can visit Cyberscout's activation page and enter the unique code included in their written notification letter. Enrollment must be completed within 90 days of the letter's date.

The company has set up a dedicated phone line at 1-833-289-9903 and an email address at info@scrogginsgrear.com for individuals who have questions or concerns about the incident. Representatives are available from 8:00 a.m. to 8:00 p.m. EST, Monday through Friday, for 90 days from the date of the notification letter.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze with Equifax (1-888-766-0008), Experian (1-888-397-3742) and TransUnion (1-800-680-7289) to help prevent new accounts from being opened using stolen personal information.
• Review credit reports at AnnualCreditReport.com for unfamiliar accounts, hard inquiries or other signs that personal information may have been misused.
• Monitor financial account statements closely for unauthorized transactions, and report any suspicious activity to the relevant financial institution immediately.
• Review health insurance statements for claims or services not received, which could indicate that exposed health insurance policy numbers or patient account numbers have been misused.
• Contact the appropriate state motor vehicle agency about obtaining a replacement driver's license or state ID number if concerned about potential misuse of exposed identification information.
• Be cautious of phishing attempts that reference ScrogginsGrear or this breach by name, as scammers often use fake emails, phone calls or text messages to try to collect additional personal information after a public breach.