Crossroads Trading Data Breach Exposes Social Security Numbers

Published
March 26, 2025
Updated
March 26, 2025
Crossroads Trading Data Breach Exposes Social Security Numbers
Crossroads Trading
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

Crossroads Trading

data breach?

Join the Lawsuit

It's free to join. 

On February 15, 2025, Crossroads Trading Co., Inc. experienced a significant data breach when an unauthorized third party gained access to the company's server and encrypted sensitive data stored on its network. Immediately after discovering the breach, Crossroads Trading's IT team responded swiftly, securing the network, restoring systems, and preventing further unauthorized access.

A thorough forensic investigation confirmed that the unauthorized access was limited to a specific segment of the company's network. However, the attacker, identified as the ransomware group Qilin, claimed responsibility for the incident. On February 21, 2025, the Qilin group posted on the dark web, stating they had obtained Crossroads Trading Company's data and threatened to make it available for download on February 27, 2025. They also provided sample screenshots of the stolen data on their dark web portal.

The compromised data included personally identifiable information (PII) of affected individuals, specifically names, Social Security numbers, driver's license numbers, and other government-issued identification numbers such as passports or state ID cards. The company reported that 1,525 residents of Texas and 32 residents of New Hampshire were affected by the breach.

Crossroads Trading Co., Inc. formally disclosed the breach to the New Hampshire Attorney General's office on March 25, 2025, and to the Texas Attorney General's office on March 26, 2025. You can review the official disclosure on the Texas Attorney General's data security breach reports page and on the New Hampshire Attorney General's website.

Crossroads Trading's response

Following the breach, Crossroads Trading retained cybersecurity experts to investigate the incident thoroughly and engaged a cyberthreat firm to prevent the encrypted data from being published, distributed, or misused. They also proactively contacted the Federal Bureau of Investigation (FBI) and cooperated fully with their investigation.

On February 26th, Crossroads Trading notified its employees of the incident via email as a proactive measure. On March 25, 2025, the company began notifying all potentially impacted individuals by U.S. mail. Crossroads Trading has offered affected individuals complimentary identity theft protection services through Experian's IdentityWorks program. This service includes credit monitoring, identity restoration assistance, daily credit reports, and $1 million in identity theft insurance coverage.

If you received a notification from Crossroads Trading, it is recommended that you enroll in the IdentityWorks program promptly, review your credit reports regularly, and closely monitor your financial accounts for any suspicious activity. Additionally, you may consider placing a fraud alert or security freeze on your credit file to further protect yourself from potential identity theft or fraud.

For more details, visit the Crossroads Trading Co., Inc. website.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Affected Entity
Crossroads Trading
Consumers Notification date
Date of Breach
Breach Discovered Date
Total People Affected
Information Types Exposed
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image