Steel Encounters Data Breach Exposes Social Security Numbers

On December 31, 2025, Steel Encounters, Inc., a specialty contractor based in Salt Lake City, Utah, disclosed a significant data breach affecting at least 959 individuals in the United States.

The incident occurred between July 27 and Aug. 1, 2025, when an unauthorized actor accessed and copied data from specific systems on the company’s network.

The breach was the result of a ransomware attack by the group known as Akira, who later claimed responsibility and posted evidence of the intrusion on the dark web on Aug. 20, 2025. According to reports, the attackers claimed to have obtained 21 GB of sensitive company data, including financial records, employee information, customer details and other confidential files.

According to detailed notice of a cyber security event to consumers on the company's website, individuals affected may have had their name, address, passport number, Social Security number, date of birth, driver’s license, employer-assigned identification number, financial account or payment card information, health insurance and claims information, diagnosis or treatment details and patient identification number compromised.

The breach was officially reported to the U.S. Department of Health and Human Services on Dec. 31, 2025, and the department’s summary of the incident can be found on the HHS breach portal.

Steel Encounters' response

Upon discovering suspicious activity on their network, Steel Encounters initiated an immediate investigation and took steps to secure their systems. They worked with cybersecurity professionals to determine the scope of the breach, identify the impacted data and review the information involved. The company completed a preliminary review of the compromised data by Nov. 7, 2025, and then undertook further steps to validate and enrich the data for notification purposes. Steel Encounters reported the incident to federal law enforcement and relevant regulatory authorities.

Steel Encounters is directly notifying those whose information was affected. The company has provided a dedicated phone number, 1-844-574-1138, and a mailing address for individuals seeking more information or assistance. They are also encouraging individuals to remain vigilant by monitoring account statements, explanation of benefits forms and free credit reports for any signs of suspicious activity or identity theft. Prompt reporting of any suspicious activity to banks, credit card companies or other applicable institutions is advised.

Given the nature of the breach—a ransomware attack by a known cybercriminal group—affected individuals should take extra precautions, such as placing fraud alerts or credit freezes with credit bureaus and watching for phishing attempts that may reference the stolen information.