OnTrac data breach exposes 40,000 customer’s personal information
NEWYou can now listen to Fox News articles!
Thousands of people have had their sensitive personal information exposed in a data breach at U.S. delivery company OnTrac. The breach occurred between April 13 and April 15, 2025, and impacted over 40,000 individuals across the country.
OnTrac operates 64 facilities in 31 states and runs four major sorting centers nationwide. The company, acquired by LaserShip in 2021, has annual revenues of roughly $1.5 billion.
The breach notification letters confirm that attackers accessed sensitive data that can fuel identity theft and fraud.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER
TRANSUNION BECOMES LATEST VICTIM IN MAJOR WAVE OF SALESFORCE-LINKED CYBERATTACKS, 4.4M AMERICANS AFFECTED
OnTrac data breach puts tens of thousands at risk of identity theft, exposing personal information including Social Security numbers. (Kurt “CyberGuy” Knutsson)
OnTrac data breach exposes sensitive information
According to documents filed with the Maine Attorney General, cybercriminals may have gained access to:
- Names and dates of birth
- Social Security numbers (SSNs)
- Driver’s license or state IDs
- Medical information
- Health insurance information
Unlike stolen credit cards, medical data and SSNs cannot simply be replaced. That makes this breach especially dangerous.
Why the OnTrac breach puts your identity at risk
Exposed SSNs and IDs create serious risks of identity theft. Criminals could open fraudulent bank accounts, file false tax returns or take over benefits.
The exposure of medical records adds another layer of risk. Stolen health data is valuable on the dark web, where it can be used for extortion, fraudulent insurance claims or illegal prescription drug purchases.
Fox News Digital reached out to OnTrac for comment but did not immediately hear back.
NEARLY A MILLION PATIENTS HIT BY DAVITA DIALYSIS RANSOMWARE ATTACK
Cybercriminals steal Social Security and medical data in an OnTrac hack, exposing users’ data. (Annette Riedl/picture alliance via Getty Images)
How to protect yourself after the OnTrac data breach
If you received an OnTrac breach notification letter, or even if you simply want to be proactive, here are key steps you can take to reduce your risk of identity theft and fraud.
1) Enroll in free credit monitoring
OnTrac is offering 12 months of complimentary credit monitoring and identity protection. Use the activation code included in your breach letter to set up your coverage. These services can alert you if new accounts are opened in your name or if suspicious activity appears on your credit file. Even if you weren’t directly affected, consider signing up for a trusted identity protection service, since hackers often recycle stolen data across multiple breaches.
Identity theft companies can monitor personal information – like your Social Security Number (SSN), phone number and email address – and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com/IdentityTheft
2) Freeze your credit
Place a free credit freeze with all three major credit bureaus: Equifax, Experian and TransUnion. This blocks criminals from opening new credit lines using your information. A freeze doesn’t affect your current accounts, and you can temporarily lift it when applying for legitimate credit.
3) Use a personal data removal service
Your breached data may already be circulating on shady broker sites. Personal data removal services can help scrub your information from these databases, reducing the risk that criminals will resell or reuse your details. While no service can guarantee 100% protection, this step can shrink your digital footprint significantly.
They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan
4) Watch for phishing attempts and use antivirus software
After breaches like OnTrac’s, scammers often send fake emails, texts or calls pretending to be your bank, insurer or even OnTrac itself. Do not click on links or open attachments from unknown senders. Instead, contact the company directly using a verified phone number or website. Use strong antivirus software to add an extra layer of defense.
The best way to safeguard yourself from malicious links that install malware, which potentially accesses your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com/LockUpYourTech
5) Monitor your medical benefits
Stolen personal data can also be used for medical identity theft. Regularly check your health insurance Explanation of Benefits (EOB) statements for claims you don’t recognize. Report suspicious charges to your insurer right away – unfamiliar claims could mean someone is trying to use your benefits.
6) Enable multi-factor authentication (MFA)
For any online account that supports it, especially banking, insurance, and email, turn on multi-factor authentication. MFA makes it much harder for criminals to break in, even if they have your password.
7) Set up account alerts
Most banks and credit card issuers let you receive real-time text or email alerts for purchases, withdrawals and logins. These alerts can help you spot unauthorized activity quickly, giving you a better chance of stopping fraud before it escalates.
MEDICARE DATA BREACH EXPOSES 100,000 AMERICANS’ INFO
Over 40,000 Americans were exposed in a massive OnTrac security breach that leaked sensitive medical and financial records. (Jakub Porzycki/NurPhoto via Getty Images)
Kurt’s key takeaways
The OnTrac data breach is a harsh reminder that sensitive information can slip into the wrong hands in just days, yet the effects can last for years. While you cannot undo what happened, you can take practical steps right now to lower your risk. Freezing your credit, turning on alerts and keeping an eye on medical and financial accounts give you back some control. By staying alert and using the tools available, you can make it much harder for criminals to misuse your personal details. A little effort today can save you from big headaches tomorrow.
CLICK HERE TO GET THE FOX NEWS APP
Do you think companies should face tougher penalties when they fail to protect sensitive personal and medical data? Let us know by writing to us at Cyberguy.com/Contact
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER
Copyright 2025 CyberGuy.com. All rights reserved.