Interact suffered a data breach where an unauthorized actor infiltrated its computer network on May 28–29, 2025, exfiltrating sensitive personal and health information. The compromised data includes names, Social Security numbers, dates of birth, addresses, driver’s license/state ID numbers, bank/credit card details, and protected health information (diagnoses, medications, treatment records). The breach was publicly disclosed on September 26, 2025, with notifications filed to the U.S. Department of Health and Human Services’ Office for Civil Rights. Affected individuals were offered credit monitoring services, though the full scope of misuse remains undetermined. The incident highlights severe risks to identity theft, financial fraud, and medical privacy violations, with potential long-term repercussions for victims.
Source: https://straussborrelli.com/2025/11/24/intercommunity-action-data-breach-investigation/
Simple Interact cybersecurity rating report: https://www.rankiteo.com/company/simpleinteract
"id": "SIM4314443112625",
"linkid": "simpleinteract",
"type": "Breach",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Interact',
'type': 'Organization'}],
'customer_advisories': ['Public breach notice with details on impacted data '
'types and credit monitoring services'],
'data_breach': {'data_exfiltration': 'Likely (files were accessed and '
'acquired by unauthorized third party)',
'personally_identifiable_information': ['Name',
'Social Security '
'number',
'Date of birth',
'Address',
'Driver’s license '
'number',
'State identification '
'number'],
'sensitivity_of_data': 'High (includes SSNs, financial data, '
'and health records)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
'Financial Information']},
'date_detected': '2025-05-29',
'date_publicly_disclosed': '2025-09-26',
'description': 'Interact announced a data breach where unauthorized actors '
'accessed its computer network on May 29, 2025, potentially '
'compromising sensitive personal identifiable information '
'(PII) and protected health information (PHI). The breach '
'impacted data such as names, Social Security numbers, dates '
'of birth, addresses, driver’s license numbers, financial '
'information, and health records. The incident was publicly '
'disclosed on September 26, 2025, and affected individuals '
'were offered complimentary credit monitoring services.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive PII/PHI',
'data_compromised': ['Name',
'Social Security number',
'Date of birth',
'Address',
'Driver’s license number',
'State identification number',
'Bank account information',
'Credit card number',
'Other financial information',
'Protected health information (claims, '
'diagnosis/conditions, medications, treatment '
'information)'],
'identity_theft_risk': 'High (due to exposure of SSNs, financial, '
'and health data)',
'payment_information_risk': 'High (credit card numbers and bank '
'account information exposed)',
'systems_affected': ['Computer network', 'File storage systems']},
'initial_access_broker': {'high_value_targets': ['PII',
'PHI',
'Financial data']},
'investigation_status': 'Ongoing (as of September 2025, review of impacted '
'data and identification of affected individuals in '
'progress)',
'references': [{'source': 'Interact Breach Notice'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA (likely, due to PHI '
'exposure)'],
'regulatory_notifications': ['U.S. Department of '
'Health and Human '
'Services’ Office for '
'Civil Rights']},
'response': {'communication_strategy': ['Public breach notice on website '
'(2025-09-26)',
'Notification to U.S. Department of '
'Health and Human Services’ Office '
'for Civil Rights'],
'incident_response_plan_activated': True,
'recovery_measures': ['Complimentary credit monitoring services '
'for affected individuals'],
'remediation_measures': ['Review of impacted data',
'Identification of affected '
'individuals']},
'threat_actor': 'Unauthorized third party',
'title': 'Interact Data Breach Involving Sensitive Personal and Health '
'Information',
'type': ['Data Breach', 'Unauthorized Access']}