Oregon HR firm Cardinal Services hit by cyber attack, over 140,000 affected

Cardinal Services, an Oregon-based human resource service provider, announced that a data security incident it experienced last year exposed the sensitive personal information of more than 140,000 individuals.

 

Cardinal Services, Inc., Cardinal Employer Organisation, and Preferred Employer Solutions, collectively known as Cardinal, provide payroll, HR, employee benefits and workforce management services to help businesses operate more efficiently and support their employees effectively.

 

In a data security incident notice filed with the Office of Maine Attorney General, Cardinal said that on June 30, it detected unauthorised activity within its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the scope of the incident.

 

It also took steps to secure the affected systems and notified relevant law enforcement authorities about the same.

 

“After an extensive forensic investigation and complex manual document review, Cardinal discovered on May 12, 2026, that the impacted systems, which were accessed between June 25 and June 26, 2025, and on or around August 8, 2025, contained some of your personal information,” Cardinal said.

 

The compromised data included names, and other personal identifiers including Social Security Numbers. The filing with the Maine state regulator’s office also states that Cardinal has identified at least 142,323 individuals who were affected by the incident.

 

While the company found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. It has also offered one year of complimentary identity protection and credit monitoring services through Epiq to all affected individuals.

 

The INC Ransom ransomware group claimed responsibility for the cyber attack on Cardinal and

the company as a victim on its data leak site. The group said it had stolen confidential data from the company and, in September, the same was published, indicating a failed ransom negotiation.

 

In July, the Rhysida ransomware group also said it breached the internal network of Cardinal Services and stole confidential data.