Universal Pure Data Breach Exposes Sensitive Personal Information

Universal Pure LLC, North America's largest high pressure processing service provider for the food and beverage industry, has disclosed a data breach that affected individuals across multiple states.

The breach was disclosed in filings with the Maine, New Hampshire and Texas attorneys general starting on April 21, 2026. According to those filings, the breach affected one Maine resident, three New Hampshire residents and 1,179 Texas residents.

Universal Pure discovered the breach on Aug. 20, 2024. Consumer notification letters are dated April 21, 2026.

What happened in the Universal Pure data breach

Between July 10 and Aug. 20, 2024, certain computer systems at Universal Pure were subject to unauthorized access. Files were taken from the company's network on separate occasions during this roughly six-week period.

After identifying the suspicious activity, the company took steps to secure its network and launched an investigation into the nature and scope of what occurred.

Following the investigation, Universal Pure conducted a detailed review of the affected systems and files to confirm what information was stored in them and to determine which individuals were impacted.

This review was completed on Aug. 7, 2025. Universal Pure then worked with a notification vendor to validate mailing addresses through the National Change of Address database, which completed on April 15, 2026, roughly 20 months after the breach was first discovered.

The types of personal information exposed vary by individual but may include names, Social Security numbers, driver's license numbers, financial account information, medical information and health insurance information.

Universal Pure's response to the breach

Universal Pure is offering affected individuals 12 months of free credit monitoring and identity theft protection services through Cyberscout, a TransUnion company, at no cost. These services include single bureau credit monitoring, a single bureau credit report, a single bureau credit score and proactive fraud assistance.

To enroll, individuals can visit Cyberscout's enrollment page and enter the unique code included in their notification letter. Enrollment must be completed within 90 days of the date of the letter.

Individuals who have questions about the breach can call the dedicated phone line from 8 a.m. to 8 p.m. ET, Monday through Friday, excluding major U.S. holidays. The phone number is included in individual notification letters sent to affected people.

Steps to take if your information was exposed

• Place a credit freeze on your credit file by contacting Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-833-799-5355) to prevent new accounts from being opened without authorization.
• Request free credit reports at AnnualCreditReport.com and review them carefully for any accounts or activity that looks unfamiliar.
• Monitor bank and credit card statements closely because financial account information was among the types of data potentially exposed in this breach.
• Consider placing a fraud alert with one of the three major credit bureaus, which will require businesses to verify identity before extending new credit.
• Watch for phishing attempts that reference Universal Pure or this data breach by name, as scammers sometimes use breach notifications to trick people into sharing more personal information.
• Review health insurance statements for any unfamiliar medical services or charges, since medical and health insurance information were among the data types potentially exposed.