The breach is likely to draw scrutiny from state attorneys general and federal regulators, particularly given PDL’s role as a data processor for other businesses. Class-action lawsuits have already been filed in the Northern District of California, alleging negligence and violation of data protection laws.
The breach, which appears to have occurred in late March 2026, reportedly exposed sensitive personal information belonging to thousands of individuals, including names, physical addresses, phone numbers, email addresses, and in some cases, partial financial data. pdl customer breach
This incident serves as a reminder that even non-healthcare data brokers remain attractive targets for cybercriminals, and that legacy systems with weak security controls pose ongoing risks to customer privacy. The breach is likely to draw scrutiny from
PDL is notifying affected customers via email and has set up a dedicated response portal. The company is offering 24 months of complimentary credit monitoring and identity theft restoration services through a third-party provider. This incident serves as a reminder that even