Lohmann Reports Data Breach Affecting U.S. Employees’ Sensitive Information
Lohmann, a U.S.-based subsidiary of its German parent company, disclosed a data breach that may have exposed sensitive personal and health-related information of its employees. The incident was first detected on January 27, 2026, when an IT security breach at the parent company’s facility in Neuwied, Germany, impacted systems used by Lohmann in the United States.
An investigation revealed that an unauthorized third party accessed employee data during the breach. The compromised information varies by individual but may include names, Social Security numbers, addresses, dates of birth, driver’s license numbers, passport or government-issued ID numbers, benefit and insurance plan details, and financial account numbers.
On March 13, 2026, Lohmann began notifying affected individuals via mail, providing details on the exposed data and offering 24 months of complimentary credit monitoring services. The breach notice was filed with the Attorney General of New Hampshire, where impacted residents were among those notified. The full disclosure is available in the filed documentation.
Source: https://straussborrelli.com/2026/03/17/lohmann-data-breach-investigation/
Lohmann GmbH & Co. KG cybersecurity rating report: https://www.rankiteo.com/company/lohmann-gmbh-&-co-kg
"id": "LOH1773765896",
"linkid": "lohmann-gmbh-&-co-kg",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Employees',
'location': 'United States',
'name': 'Lohmann',
'type': 'Subsidiary'}],
'customer_advisories': '24 months of complimentary credit monitoring services '
'offered to affected individuals',
'data_breach': {'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Addresses',
'Dates of birth',
'Driver’s license '
'numbers',
'Passport or '
'government-issued ID '
'numbers',
'Benefit and '
'insurance plan '
'details',
'Financial account '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Health Information',
'Financial Information']},
'date_detected': '2026-01-27',
'date_publicly_disclosed': '2026-03-13',
'description': 'Lohmann, a U.S.-based subsidiary of its German parent '
'company, disclosed a data breach that may have exposed '
'sensitive personal and health-related information of its '
'employees. The incident was first detected on January 27, '
'2026, when an IT security breach at the parent company’s '
'facility in Neuwied, Germany, impacted systems used by '
'Lohmann in the United States. An investigation revealed that '
'an unauthorized third party accessed employee data during the '
'breach.',
'impact': {'data_compromised': 'Sensitive personal and health-related '
'information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Completed',
'references': [{'source': 'Attorney General of New Hampshire'}],
'regulatory_compliance': {'regulatory_notifications': ['Attorney General of '
'New Hampshire']},
'response': {'communication_strategy': 'Notification via mail to affected '
'individuals'},
'threat_actor': 'Unauthorized third party',
'title': 'Lohmann Reports Data Breach Affecting U.S. Employees’ Sensitive '
'Information',
'type': 'Data Breach'}