VectraRx Mail Pharmacy Services discloses major data breach affecting over 109,000 individuals

VectraRx Mail Pharmacy Services LLC, a New York-based mail-order pharmacy, has disclosed a significant data breach that compromised the sensitive personal and protected health information of 109,383 individuals. The breach, which was discovered on December 13, 2024, involved unauthorized access to the company’s systems, potentially exposing data such as names, Social Security numbers, dates of birth, prescription numbers, prescription information, and dates of service.

Upon detecting unusual activity on one of its servers, VectraRx promptly launched an investigation with the assistance of a third-party cybersecurity firm. The investigation confirmed that an unauthorized actor had accessed the company’s network and may have viewed or copied sensitive data. While the exact timeline of the breach remains unclear, VectraRx completed a comprehensive review of the impacted data by January 7, 2025, identifying the individuals whose information was potentially compromised.

On February 7, 2025, VectraRx publicly disclosed the breach and began notifying affected individuals via mailed letters. The company has offered those impacted 12 to 24 months of complimentary credit monitoring and identity theft restoration services to help mitigate potential risks. Additionally, compensation may be available for individuals whose personal information was compromised, though specific details regarding eligibility and the process for claiming compensation have not yet been disclosed.

The breach has raised significant concerns about the security of sensitive personal and protected health information entrusted to VectraRx. As a mail-order pharmacy, the company handles a vast amount of confidential data, making it a potential target for cybercriminals.

VectraRx has not disclosed whether the unauthorized access was linked to a specific threat actor or group, nor has it confirmed whether any data has been misused. However, the company has emphasized its commitment to addressing the breach and enhancing its security protocols to prevent similar incidents in the future.