FedEx Group Health Plan Reports Data Breach Affecting Over 1,000 Individuals
On December 1, 2025, FedEx Corporation Group Health Plan disclosed a cybersecurity incident that exposed the personally identifiable information (PII) and protected health information (PHI) of at least 1,066 individuals across the U.S. The breach impacted active and former employees enrolled in the company’s medical, dental, vision, and COBRA continuation coverage plans.
The compromised data may include names, contact details, Social Security numbers, medical plan information, health claims, and dependent records. While FedEx has not released specifics on the breach’s method or timeline, it confirmed the incident to the U.S. Department of Health and Human Services on the same day.
In response, FedEx has notified federal authorities and is expected to contact affected individuals directly. Though the company has not detailed its mitigation efforts, similar breaches often involve credit monitoring or identity protection services for impacted parties.
The exposure of both PII and PHI raises concerns about potential fraud, including unauthorized medical billing or identity theft. Affected individuals are advised to monitor health insurance statements and credit reports for suspicious activity.
Source: https://www.claimdepot.com/data-breach/fedex-2025
FedEx Corporation cybersecurity rating report: https://www.rankiteo.com/company/fedex-corporation
FedEx Corporation cybersecurity rating report: https://www.rankiteo.com/company/fedex-corporation
"id": "FEDFED1766419445",
"linkid": "fedex-corporation, fedex-corporation",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '1066',
'industry': 'Logistics/Healthcare',
'location': 'U.S.',
'name': 'FedEx Corporation Group Health Plan',
'type': 'Health Plan'}],
'customer_advisories': 'Affected individuals should be vigilant for '
'suspicious activity, including unexpected '
'communications from health care providers or '
'insurance companies.',
'data_breach': {'number_of_records_exposed': '1066',
'personally_identifiable_information': ['Names',
'Contact information',
'Social Security '
'numbers',
'Medical plan details',
'Health claims',
'Dependent '
'information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally identifiable '
'information (PII)',
'Protected health information '
'(PHI)']},
'date_publicly_disclosed': '2025-12-01',
'description': 'FedEx Corporation Group Health Plan disclosed a cybersecurity '
'incident that has potentially compromised personally '
'identifiable information (PII) and protected health '
'information (PHI) of at least 1,066 individuals across the '
'U.S. The breach involved sensitive information related to the '
'group health plan for active employees, including medical, '
'dental, vision, and COBRA continuation coverage for former '
'employees.',
'impact': {'data_compromised': 'Personally identifiable information (PII) and '
'protected health information (PHI)',
'identity_theft_risk': 'High'},
'recommendations': ['Monitor credit reports closely',
'Review health insurance statements and medical bills for '
'unfamiliar charges',
'Report suspicious activity to the insurance provider and '
'the Federal Trade Commission',
'Place a fraud alert or credit freeze with major credit '
'bureaus'],
'references': [{'source': 'U.S. Department of Health and Human Services'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA'],
'regulatory_notifications': ['U.S. Department of '
'Health and Human '
'Services']},
'response': {'communication_strategy': 'Direct notification to affected '
'individuals expected'},
'title': 'FedEx Corporation Group Health Plan Data Breach',
'type': 'Data Breach'}