Tyree Oil Data Breach Exposes PHI and PII: SSN, Financial Details, and More Exposed

Tyree Oil Inc., a family-owned petroleum marketer based in Eugene, Oregon, recently reported a data breach that has affected its customers.

The breach was the result of a ransomware attack carried out by the PLAY ransomware group. This group claimed responsibility for the incident on July 8, 2025, and threatened to publish stolen data on July 10, 2025, via their network on the Tor dark web.

The attackers stated they had obtained a range of confidential company and client documents, including budget records, payroll data, accounting files, tax information, identification documents and other financial data.

According to a disclosure filed with the Massachusetts Office of Consumer Affairs and Business Regulation, the breach was reported on March 7, 2026, and impacted at least three individuals in Massachusetts.

The incident involved the exposure of sensitive consumer information, including credit and debit card numbers, driver’s license numbers/ state ID, financial account number with routing number, payment card number with expiration date and CVV, Social Security numbers, health insurance information, and health information.

Tyree Oil's response

Tyree Oil is offering complimentary credit monitoring services, which must be activated within 90 days of receiving the notification letter. This service is designed to alert individuals to any suspicious activity on their credit reports.

Additionally, Tyree Oil recommends that affected individuals place a one-year fraud alert on their credit files at no charge. This alert notifies creditors to verify a person’s identity before opening any new accounts.

The company also outlines the option to place a security freeze on credit files, which restricts access to credit reports and helps prevent new accounts from being opened without explicit authorization.

Affected individuals are encouraged to obtain free credit reports from the three major credit bureaus and review them for any discrepancies or unauthorized activity. If suspicious activity is detected, individuals should promptly contact law enforcement and file a police report.