Fresenius Kabi USA Investigates Data Breach Affecting Sensitive Personal Information
Fresenius Kabi USA, LLC, the U.S. subsidiary of global healthcare company Fresenius Kabi, is under investigation following a data breach that may have exposed sensitive personal information. The incident, discovered on January 8, 2026, involved unauthorized access to company data by a third party between January 6 and January 9, 2026. The breach targeted a network linked to Fresenius’s subsidiary, Ivenix.
An external forensic investigation concluded on April 29, 2026, revealing that the exposed data included personal details of employees, customers, and minor dependents. While the company found no evidence of data being downloaded or misused, the compromised information encompassed a wide range of sensitive data, including:
- Names, addresses, phone numbers, and email addresses
- Dates of birth and Social Security numbers
- Driver’s license, passport, and government identification details
- Financial account and credit/debit card numbers
- Medical records and health-related information
In Massachusetts alone, 285 individuals were confirmed as affected. The law firm Shamis & Gentile P.A. is leading the investigation, advising impacted individuals that they may be eligible for compensation. Fresenius Kabi USA, headquartered in Lake Zurich, Illinois, specializes in lifesaving medicines, clinical nutrition products, and medical technologies.
Source: https://www.claimdepot.com/investigations/fresenius-kabi-data-breach-2026
Fresenius Kabi USA cybersecurity rating report: https://www.rankiteo.com/company/fresenius-kabi-usa
"id": "FRE1781735374",
"linkid": "fresenius-kabi-usa",
"type": "Breach",
"date": "1/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '285 (confirmed in '
'Massachusetts)',
'industry': 'Healthcare',
'location': 'Lake Zurich, Illinois, USA',
'name': 'Fresenius Kabi USA, LLC',
'type': 'Subsidiary'},
{'industry': 'Healthcare',
'name': 'Ivenix',
'type': 'Subsidiary'}],
'attack_vector': 'Unauthorized Access',
'customer_advisories': 'Impacted individuals may be eligible for compensation',
'data_breach': {'data_exfiltration': 'No evidence of data being downloaded or '
'misused',
'personally_identifiable_information': ['Names',
'Addresses',
'Phone numbers',
'Email addresses',
'Dates of birth',
'Social Security '
'numbers',
'Driver’s license '
'numbers',
'Passport numbers',
'Government '
'identification '
'details'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information',
'Financial Information',
'Medical Records']},
'date_detected': '2026-01-08',
'description': 'Fresenius Kabi USA, LLC, the U.S. subsidiary of global '
'healthcare company Fresenius Kabi, is under investigation '
'following a data breach that may have exposed sensitive '
'personal information. The incident involved unauthorized '
'access to company data by a third party between January 6 and '
'January 9, 2026, targeting a network linked to Fresenius’s '
'subsidiary, Ivenix. The exposed data included personal '
'details of employees, customers, and minor dependents, such '
'as names, addresses, Social Security numbers, financial '
'account information, and medical records.',
'impact': {'data_compromised': 'Sensitive personal information, including '
'names, addresses, Social Security numbers, '
'financial account details, and medical '
'records',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Network linked to subsidiary Ivenix'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Shamis & Gentile P.A.'}],
'regulatory_compliance': {'legal_actions': 'Investigation led by Shamis & '
'Gentile P.A.'},
'response': {'third_party_assistance': 'External forensic investigation'},
'threat_actor': 'Third Party',
'title': 'Fresenius Kabi USA Investigates Data Breach Affecting Sensitive '
'Personal Information',
'type': 'Data Breach'}