Idera Data Breach Exposes Sensitive Personal Information of Over 2,000 Individuals
Shamis & Gentile P.A., a class action law firm specializing in data breach cases, is investigating a security incident involving Idera (operating as Flash Charm Inc.), a Houston-based software company. The breach, detected on October 31, 2025, involved unauthorized access to a third-party file-hosting system, though Idera’s internal systems and products remained unaffected.
Forensic investigations determined the breach occurred on August 23, 2025, exposing the sensitive data of 2,015 individuals across the U.S., including 606 in Texas, 36 in Massachusetts, and 2 in Maine. Affected consumers were notified via U.S. mail on February 26, 2026.
Compromised data included:
- Names, addresses, and contact details
- Social Security numbers and driver’s license numbers
- Government-issued IDs (passport/state ID numbers)
- Credit/debit card and financial account numbers
- Health insurance information
- Dates of birth
Idera responded by containing the breach, notifying federal law enforcement, and engaging forensic teams. The incident highlights risks associated with third-party file-hosting systems, particularly for organizations handling sensitive personal and financial data. Legal action is being pursued for affected individuals.
Source: https://www.claimdepot.com/investigations/idera-data-breach-2026
Flash cybersecurity rating report: https://www.rankiteo.com/company/flash
IDERA Software cybersecurity rating report: https://www.rankiteo.com/company/idera-software
"id": "FLAIDE1772239249",
"linkid": "flash, idera-software",
"type": "Breach",
"date": "8/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2015',
'industry': 'Technology',
'location': 'Houston, Texas, USA',
'name': 'Idera (Flash Charm Inc.)',
'type': 'Software Company'}],
'attack_vector': 'Unauthorized access to third-party file-hosting system',
'customer_advisories': 'Notification via U.S. mail to affected individuals on '
'February 26, 2026',
'data_breach': {'number_of_records_exposed': '2015',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Addresses',
'Contact details',
'Social Security numbers',
'Driver’s license numbers',
'Government-issued IDs '
'(passport/state ID numbers)',
'Credit/debit card numbers',
'Financial account numbers',
'Health insurance information',
'Dates of birth']},
'date_detected': '2025-10-31',
'date_publicly_disclosed': '2026-02-26',
'description': 'Shamis & Gentile P.A. is investigating a security incident '
'involving Idera (operating as Flash Charm Inc.), a '
'Houston-based software company. The breach involved '
'unauthorized access to a third-party file-hosting system, '
'exposing sensitive data of 2,015 individuals across the U.S. '
'Idera’s internal systems and products remained unaffected.',
'impact': {'data_compromised': 'Sensitive personal and financial information',
'identity_theft_risk': 'High',
'legal_liabilities': 'Legal action being pursued',
'payment_information_risk': 'High',
'systems_affected': 'Third-party file-hosting system'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Highlights risks associated with third-party file-hosting '
'systems, particularly for organizations handling '
'sensitive personal and financial data.',
'post_incident_analysis': {'root_causes': 'Unauthorized access to third-party '
'file-hosting system'},
'references': [{'source': 'Shamis & Gentile P.A.'}],
'regulatory_compliance': {'legal_actions': 'Legal action being pursued'},
'response': {'communication_strategy': 'Notification via U.S. mail to '
'affected individuals',
'containment_measures': 'Breach contained',
'law_enforcement_notified': 'Federal law enforcement notified',
'third_party_assistance': 'Forensic teams engaged'},
'title': 'Idera Data Breach Exposes Sensitive Personal Information of Over '
'2,000 Individuals',
'type': 'Data Breach'}