St. Marys NDS Data Breach Exposes Social Security Numbers

On February 7, 2025, St. Marys NDS, LLC disclosed a data breach affecting sensitive personal and protected health information of consumers. According to official disclosures made to various state attorney generals, the breach involved unauthorized access to sensitive data, potentially exposing the personal information of 11,715 Americans.

The breach was first reported to the Texas Attorney General's office on February 7, 2025, affecting approximately 718 Texas residents. Subsequently, disclosures were made to the Massachusetts Attorney General's office and the New Hampshire Attorney General's office on April 7, 2025, affecting 11 residents in Massachusetts. You can view the official disclosure on the Texas Attorney General's website, the Massachusetts Attorney General's website, and the New Hampshire Attorney General's website.

The types of information exposed in this breach included personally identifiable information (PII) and protected health information (PHI). Specifically, the compromised data includes date of birth, Social Security numbers (PII), prescription numbers, prescription information, and dates of service (PHI). The exact method of how this data was accessed or stolen has not been publicly detailed at this time. However, St. Marys NDS, LLC indicated that they engaged a forensic investigation firm immediately upon discovery of the breach to determine the scope and impact of the incident.

St. Marys' response

To assist affected individuals, the company is offering complimentary credit monitoring, credit reporting, and credit score services for 24 months through Cyberscout, a TransUnion company specializing in fraud assistance and remediation services. Affected consumers must enroll within 90 days from receipt of their notification letter. Enrollment can be completed online at Cyberscout's activation page.

Consumers who may have been impacted are encouraged to remain vigilant, regularly review their financial statements, and monitor their credit reports for any suspicious or unauthorized activity. Additionally, consumers may consider placing a fraud alert or security freeze on their credit files as precautionary measures.