.png)
Legacy Treatment Services Data Breach Investigation
Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Legacy Treatment Services, Inc. data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About Legacy Treatment Services, Inc.
Legacy Treatment Services, Inc. is a nonprofit behavioral health organization based in New Jersey. Founded in 2014, the company provides a broad range of mental health, behavioral health, addiction, and intellectual/developmental disability services. Legacy Treatment Services is affiliated with the Woods System of Care and operates multiple locations throughout New Jersey with approximately 240 employees listed on LinkedIn.
What happened?
Between October 6, 2024, and October 11, 2024, Legacy Treatment Services experienced a data breach involving unauthorized access to its network. The breach was discovered on November 13, 2024, and an investigation confirmed that sensitive personal and protected health information had been accessed and acquired by an unauthorized party.
The INTERLOCK ransomware group claimed responsibility for the attack, stating they obtained approximately 170 GB of data, including internal documents, patient records, and a large SQL database. The cybersecurity incident impacted at least 41,826 individuals.
The organization began notifying impacted individuals by mail on Aug. 20, 2025.
Information Exposed
- Name
- Social Security number
- Date of birth
- Contact information
- Driver’s license or state ID number
- Financial account number
- Routing number
- Bank name
- Credit or debit card number
- Card CVV expiration date
- Pin or security code
- Login information
- Medical diagnosis
- Clinical information
- Medical treatment
- Procedure information
- Treatment type
- Treatment location
- Treatment cost information
- Doctor’s name
- Medical record number
- Patient account number
- Health insurance information
- Prescription information
- Biometric data
Legacy Treatment Services disclosed the data breach to the Maine, Vermont, New Hampshire and Massachusetts Attorney Generals' offices beginning on Aug. 22, 2025.
Your Rights and Next Steps
If you received a data breach notice from Legacy Treatment Services, you have important rights and options. You may be entitled to seek compensation for any harm or inconvenience caused by this cybersecurity incident.
- Identity theft protection services: Enroll in the free IDX identity theft protection services offered by the company.
- Monitor your accounts carefully: Check your financial statements regularly for suspicious activity or unauthorized transactions. If you notice anything unusual, contact your financial institution immediately.
- Fraud alert and credit reports: A fraud alert informs creditors to take extra steps to verify your identity before opening new accounts in your name. Consumers are also entitled to one free credit report annually from each credit bureau. You can request a fraud alert or a credit report by contacting any one of the three major credit bureaus.
- Seek legal help: Lawyers are ready to help you understand your rights and pursue compensation.
You May Be Entitled to Compensation
If your personal information was exposed in the Legacy Treatment Services data breach, you may be eligible for compensation. Lawyers are ready to help you understand your rights and assist you in joining a potential class action lawsuit.
To find out if you qualify, complete the form below. Taking action now can help protect your rights and secure the compensation you deserve.
.svg)