Solix Data Breach Exposes Medical Info & Social Security Numbers

On March 24, 2025, Solix Inc. discovered suspicious activity in several employee email accounts. The company launched an investigation with third-party forensic specialists to determine the nature and scope of the incident. The investigation revealed that an unauthorized actor gained access to the email accounts of multiple Solix employees between March 24 and March 27, 2025.

After a review of the impacted accounts, Solix finalized its assessment on June 17, 2025, identifying the people and types of data affected in the breach. The data breach exposed a wide array of sensitive information, including personally identifiable information (PII) like name, address, Social Security number, date of birth, tax identification number, driver’s license or state identification number, and financial account information.

In addition, some of those affected had protected health information (PHI) exposed, including medical information and health insurance information. The breach also included usernames with passwords, which could increase the risk of identity theft or unauthorized access to other accounts.

The company has posted a detailed notice about the incident on its website, which can be found in their updated website notice. The data breach was also disclosed to the Maine Attorney General's office on July 18, 2025, reporting two Maine residents affected.

Solix's response

In response to the breach, Solix took several steps to secure its systems and protect affected individuals. The company conducted a thorough investigation to confirm the full nature and scope of the incident, secured its email tenant, and completed a detailed review of the information potentially affected. Solix is mailing notification letters to all individuals for whom it has a postal address.

The company has set up a dedicated help line at 1-833-380-8315, available Monday through Friday from 8 a.m. to 8 p.m. EST, to answer questions and help individuals determine if they were affected. Those who did not receive a notice letter but believe they may be impacted are encouraged to call for more information.

Given the nature of the breach—unauthorized access to employee email accounts containing highly sensitive PII and PHI—affected individuals are strongly encouraged to remain vigilant against identity theft and fraud. Solix recommends regularly reviewing account statements and credit reports for suspicious activity. The company’s notice provides detailed steps for placing fraud alerts or credit freezes with the major credit bureaus, as well as contact information for the Federal Trade Commission and various state attorneys general for further guidance.

A full copy of the notice to consumers, including specific steps to protect personal information, will be available at the bottom of this page in PDF format.

More information about the company can be found on the Solix Inc. website.