HomeNewsBreachesAbout
Account
operation-par-2025

Operation PAR, Inc. Breach

Jul 2, 2025

88,313 rows

Added on Sep 17, 2025

Search the Leak

Email
Phone Number

What happened in the Operation PAR, Inc. Breach?

DataBreach.com Team · September 16th 2025, 8:00 pm EDT

Breach Overview 

Operation PAR, Inc. - a Florida-based nonprofit addiction-treatment provider - reported a data security incident discovered on June 10, 2025. The WorldLeaks ransomware group claimed responsibility, boasting of nearly 900,000 stolen files. Forensics suggest the organization’s cloud-based EHR wasn’t compromised, but internal systems holding patient and staff data were exposed. 
Our parse of the leaked dataset confirms the scope and sensitivity. 
--- 

Exposed Data 

  • 88,000 addresses 
  • 13,200 phone numbers 
  • 10,400 Social Security numbers (SSNs) 
  • 9,000 email accounts 
    --- 

Threat Actor 

  • Group: WorldLeaks (ransomware/blackmail group) 
  • Method: Network intrusion → data theft → extortion listing (July 2025) 
    --- 

Risks to Victims 

  • Phishing & scams: With addresses and phones widely exposed, targeted SMS and mail fraud are likely. 
  • Identity theft: SSNs make this a classic identity-risk case. 
  • Healthcare fraud: Stolen data may be used to file false insurance claims. 
    --- 

Legal & Regulatory Response 

  • Multiple class-action firms (Strauss Borrelli, Levi & Korsinsky, Dapeer Law) are investigating potential claims. 
  • As of September 2025, no class action is formally filed
  • PAR has posted a Data Security Incident Notice and is offering a help line: 877-495-0947
    --- 

What Operation PAR Says 

“There is no evidence of fraud or misuse so far. We are notifying potentially affected individuals directly.” 
(Operation PAR statement, June 2025) 
--- 

What to Do If Affected 

  • Freeze your credit at Experian, Equifax, and TransUnion. 
  • Monitor Explanation of Benefits (EOBs) from your insurer for unfamiliar claims. 
  • Use free credit monitoring if PAR offers it. 
  • Stay alert for smishing and robocalls - attackers already hold phone numbers. 
For media inquiries, contact us at contact@databreach.com