Recently, WEDGE reported to the Attorney General of the Commonwealth of Massachusetts that the sensitive personal identifiable information in its care may have been compromised. In the sample breach notice provided to the Attorney General of the Commonwealth of Massachusetts, WEDGE does not elaborate on the nature of the security incident that impacted its systems. While the information impacted varies depending on the individual, the type of information potentially exposed includes:4
Name
Social Security number
Driver’s license information
On November 26, 2025, WEDGE began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Massachusetts residents, WEDGE is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification letters that WEDGE filed with the Attorney General of the Commonwealth of Massachusetts is below.
Source: https://straussborrelli.com/2025/12/01/wedge-holdings-data-breach-investigation/
WedgeHR cybersecurity rating report: https://www.rankiteo.com/company/wedge-hr
"id": "WED1764627230",
"linkid": "wedge-hr",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': None,
'industry': None,
'location': 'Massachusetts, USA (or '
'broader, as breach notices '
'were filed with '
'Massachusetts AG)',
'name': 'WEDGE',
'size': None,
'type': None}],
'customer_advisories': 'Notification letters mailed to affected '
'individuals (November 26, 2025) with '
'details of exposed data and credit '
'monitoring offer',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': ['Name',
'Social '
'Security '
'number',
'Driver’s '
'license '
'information'],
'sensitivity_of_data': 'High (includes SSN and '
'driver’s license info)',
'type_of_data_compromised': ['Personally '
'Identifiable '
'Information '
'(PII)']},
'description': 'WEDGE reported to the Attorney General of the '
'Commonwealth of Massachusetts that sensitive '
'personal identifiable information in its care '
'may have been compromised. The breach notice did '
'not elaborate on the nature of the security '
'incident, but the exposed data includes names, '
'Social Security numbers, and driver’s license '
'information. Affected individuals were notified '
'via mail on November 26, 2025, and offered '
'complimentary credit monitoring services.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ['Name',
'Social Security number',
'Driver’s license information'],
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High (PII exposed)',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Attorney General of the Commonwealth '
'of Massachusetts - WEDGE Breach '
'Notice',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Filed '
'breach '
'notice '
'with the '
'Attorney '
'General '
'of the '
'Commonwealth '
'of '
'Massachusetts'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Mail notification to '
'affected individuals '
'(began November 26, '
'2025); filing with '
'Attorney General of '
'Massachusetts',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Likely '
'(notification '
'letters sent)',
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': 'Complimentary credit '
'monitoring services offered '
'to affected individuals',
'remediation_measures': None,
'third_party_assistance': None},
'title': 'WEDGE Data Breach Incident',
'type': 'Data Breach'}}