Back

Excelas Data Breach Exposes Sensitive Personal and Health Information

Severity: High (Score: 67.5)

Sources: Classaction, Claimdepot, excelas1.com

Summary

Excelas, a medical record organization, reported a data breach involving unauthorized access to its systems between November 27 and December 3, 2025. The breach was detected on January 28, 2026, and may have compromised personal and health information of individuals, including names, Social Security numbers, and medical records. The ransomware group Cl0p claimed responsibility for the breach on January 23, 2026, posting on the dark web. Excelas has begun notifying affected individuals and is offering complimentary identity monitoring services for 24 months. The breach was disclosed to attorneys general in Massachusetts and New Hampshire on May 12, 2026. Excelas is working with law enforcement and cybersecurity specialists to enhance security measures. Key Points: • Unauthorized access to Excelas systems occurred between November 27 and December 3, 2025. • Cl0p ransomware group claimed responsibility for the breach on January 23, 2026. • Excelas is offering 24 months of complimentary identity monitoring services to affected individuals.

Key Entities

  • Data Breach (attack_type)
  • Excelas (company)
  • Ocelot Ventures (company)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • classaction.org (domain)
  • identitytheft.gov (domain)
  • Cl0p (ransomware_group)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed