Wakefield & Associates Data Breach Exposes Social Security Numbers of 371K

On or before Jan. 17, 2025, Wakefield & Associates, a revenue cycle management and medical debt collection company, experienced a data breach. An investigation revealed that a threat actor gained access to and may have acquired files containing sensitive consumer information.

A review was completed on Sept. 24, 2025, and determined that the cyberattack compromised both personally identifiable information (PII) and protected health information (PHI) of several thousand individuals. Exposed information included names, collection account information, Social Security numbers, driver's license or state ID numbers, financial information and health information.

A ransomware group known as Akira, claimed responsibility for the attack on Feb. 11, 2025. According to their dark web posting, the cybercriminals allegedly obtained 13 GB of data, including passport numbers, confidential licenses, agreements and contracts, financial data, employee and customer contact information, medical insurance documents, internal correspondence, and Medicare numbers.

Impacted consumers includes 26,624 Montana residents, 18,933 in South Carolina, 2,286 in Texas, 131 Massachusetts residents, 41 in Maine and 28 in Rhode Island.

Wakefield began notifying affected individuals by mail on Nov. 7, 2025 and published a Notice of Data Privacy Event on its website, below the privacy policy language. The stolen data puts Wakefield clients and employees at risk for identity theft and financial and medical fraud.

Beginning on Nov. 7, 2025, the company disclosed the breach to the Attorney Generals' offices in Maine, Massachusetts, Montana, Oregon, Texas, South Carolina and Vermont.

Wakefield & Associates' response

In response to the data breach, Wakefield took steps to secure its internal network and notified law enforcement. In addition to required state and federal disclosures, the company is offering impacted individuals 12 free months of TransUnion Cyberscout credit monitoring and identity theft protection services.

If you receive a data breach notice from Wakefield & Associates, you may want to:

• Sign up for the free credit monitoring and identity theft protection services, offered by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

Wakefield has also established a dedicated assistance line for individuals with questions at 1-833-833-7202, available Monday through Friday from 9 a.m. to 8 p.m. Eastern Time.