Solix Data Breach Exposes Medical Info & Social Security Numbers

On March 24, 2025, Solix Inc. discovered suspicious activity in several employee email accounts. The company launched an investigation with third-party forensic specialists to determine the nature and scope of the incident. The investigation revealed that an unauthorized actor gained access to the email accounts of multiple Solix employees between March 24 and March 27, 2025.

After a review of the impacted accounts, Solix finalized its assessment on June 17, 2025, identifying the people and types of data affected in the breach. The data breach exposed a wide array of sensitive information, including personally identifiable information (PII) like name, address, Social Security number, date of birth, tax identification number, driver’s license or state identification number, and financial account information.

In addition, some of those affected had protected health information (PHI) exposed, including medical information and health insurance information. The breach also included usernames with passwords, which could increase the risk of identity theft or unauthorized access to other accounts.

The company has posted a detailed notice about the incident on its website, which can be found in their updated website notice. The data breach was also disclosed to the Maine, Massachusetts, Vermont and Washington State Attorneys Generals' offices beginning on July 18, 2025.

It has been reported that 6479 Americans have been affected, including 1,250 residents of Washington State, three in Massachusetts, and two Maine residents.

Solix's response

The company has set up a dedicated help line at 1-833-380-8315, available Monday through Friday from 8 a.m. to 8 p.m. EST, to answer questions and help individuals determine if they were affected. Those who did not receive a notice letter but believe they may be impacted are encouraged to call for more information.

Given the nature of the breach—unauthorized access to employee email accounts containing highly sensitive PII and PHI—affected individuals are strongly encouraged to remain vigilant against identity theft and fraud. Solix recommends regularly reviewing account statements and credit reports for suspicious activity. The company’s notice provides detailed steps for placing fraud alerts or credit freezes with the major credit bureaus, as well as contact information for the Federal Trade Commission and various state attorneys general for further guidance.

More information about the company can be found on the Solix Inc. website.