Home
>
Data Breach>Too Lost

Too Lost Data Breach Exposes SSNs and Other PII of 3,206 Users

Published
February 23, 2026
Updated
March 20, 2026
Too Lost Data Breach Exposes SSNs and Other PII of 3,206 Users
Too Lost

Too Lost, a music and technology company specializing in SaaS solutions for independent music creators, recently experienced a data breach in the United States.

According to the disclosure filed with the Maine Attorney General, the incident was discovered on Feb. 10, 2026, after an unauthorized third party contacted the company at the end of January claiming to have obtained certain information from the Too Lost environment.

A comprehensive investigation, supported by cybersecurity experts and law enforcement, revealed that unauthorized access and data transfer occurred between July 25, 2025, and Sept. 2, 2025, through a Too Lost web application.

The breach exposed personally identifiable information (PII) including Social Security numbers, driver's licenses, names, addresses, email addresses, phone numbers, passport numbers, and residency permit numbers. Passwords were not affected by this incident.

In total, the breach impacted 3,206 individuals in the United States, with 68 affected in Massachusetts, 44 in Indiana, seven in New Hampshire, and two in Maine.

Too Lost notified affected consumers on Feb. 20, 2026, using written communication. The company also reported the breach to the Indiana Attorney General, Massachusetts Office of Consumer Affairs and Business Regulation, the New Hampshire Attorney General, and the Vermont Attorney General.

Too Lost's response

Too Lost is offering all affected individuals 24 months of complimentary credit monitoring and identity protection services through IDX, which includes a $1 million insurance reimbursement policy and fully managed identity theft recovery services.

Affected individuals can enroll in these services using the information provided in their notification letter.

Those impacted are encouraged to remain vigilant by monitoring account statements and free credit reports for any signs of suspicious activity. The company also recommends changing passwords and considering a credit freeze or fraud alert with the major credit bureaus if concerned about potential misuse of their information.

Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info
  • Affected information types not yet disclosed

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Sources

Disclosures

Breach Summary

Affected Entity
Too Lost
Consumers Notification date
February 20, 2026
Date of Breach
Breach Discovered Date
February 10, 2026
Total People Affected
3206
Information Types Exposed
  • Drivers Licenses
  • Name of individual
  • Address
  • Social Security Number Information
  • Driver’s License number
  • Government-issued ID number (e.g. passport)
  • Email address
  • Phone number
  • Date of Birth

Data Breach Settlements

CSC ServiceWorks Data Breach Class Action Settlement
Pawn America $3.19M Customer Data Breach Settlement
Whitman Hospital $500,000 Data Breach Settlement
Comcast $117.5M Data Breach Class Action Settlement
Linq Platform Data Breach Class Action Settlement
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image

What to Read Next

CentroNía Data Breach Exposes PII and PHI
April 9, 2026
CentroNía Data Breach Exposes PII and PHI
Texcaz Insurance Breach Exposed Driver Data
April 9, 2026
Texcaz Insurance Breach Exposed Driver Data
Bitcoin Depot Reports $3.665M Bitcoin Theft
April 9, 2026
Bitcoin Depot Reports $3.665M Bitcoin Theft
TruView BSI Data Breach Exposes SSNs and Government IDs
April 9, 2026
TruView BSI Data Breach Exposes SSNs and Government IDs