What should I do if I was affected by a data breach?

If you were affected by a data breach, you should immediately monitor your financial accounts, place a fraud alert or credit freeze with the major credit bureaus (Equifax, Experian, and TransUnion), change passwords for affected accounts, and consult a data breach lawyer to understand your legal rights and potential compensation options. Act quickly — statutes of limitations apply.

Can I receive financial compensation after a data breach?

Yes. Victims of data breaches may be eligible for financial compensation through class action lawsuits or individual claims. Recoverable damages can include identity theft losses, out-of-pocket expenses, lost time, and compensation for the ongoing risk of future harm. A free consultation with a data breach attorney can help determine your eligibility.

How long do I have to file a data breach lawsuit?

Statutes of limitations for data breach claims vary by state, typically ranging from one to three years from the date you discovered — or reasonably should have discovered — the breach. In some states, the clock starts from the breach date itself. Contact a data breach lawyer as soon as possible to preserve your rights.

Virta Health Data Breach

What Happened?

Virta Health discovered suspicious activity involving a data repository that contained historical patient and healthcare information. Following an investigation, the company determined that an unauthorized party potentially accessed files stored within the repository during a three-day period in March 2026.

The organization emphasized that the affected repository was separate from its current production platform. However, a subsequent review confirmed that sensitive personal and healthcare-related information was present within the compromised files.

After completing its investigation, Virta Health notified regulators and began informing potentially affected individuals of the incident.

Who was affected?

Not publicly disclosed

What Information was taken?

The compromised data may have included a wide range of personal and medical information, including:

Full names
Social Security numbers
Individual Taxpayer Identification Numbers (ITINs)
Dates of birth
Contact information
Health insurance information
Medical diagnosis information
Medical condition and treatment information
Dates of medical services
Physician and medical facility information
Medical record numbers
Unique health identifiers

The exposure of both personal and healthcare information significantly increases the risk of identity theft and fraudulent use of medical records.

How Did Virta Health's Response?

Following the discovery of the incident, Virta Health launched an investigation and conducted a detailed review of the affected repository to determine what information may have been exposed.

The company has also begun notifying impacted individuals and is offering 12 months of complimentary single-bureau credit monitoring, credit reporting, and credit score services to eligible individuals.

These services are designed to help affected individuals detect suspicious activity and respond quickly if signs of identity theft emerge.

In addition, Virta Health published a notice regarding the data incident and provided information to help individuals protect their personal information.

What can you do?

Anyone who receives a notification from Virta Health should consider taking the following precautions:

Monitor Credit Reports

Review credit reports regularly for unfamiliar accounts, inquiries, or suspicious activity. Consumers are entitled to free credit reports through AnnualCreditReport.com.

Consider a Fraud Alert

A fraud alert notifies lenders to take additional steps to verify identity before opening new credit accounts.

Freeze Credit Files

A security freeze can prevent unauthorized individuals from opening new accounts using stolen personal information.

Review Health Insurance Statements

Because medical and health insurance information may have been exposed, individuals should carefully review insurance explanations of benefits and healthcare billing records for unfamiliar services.

Watch for Phishing Attempts

Cybercriminals often use breach-related information to create convincing phishing emails, text messages, and phone calls. Be cautious when responding to unexpected communications requesting personal information.

Monitor Tax Records

Since taxpayer identification information may have been exposed, affected individuals should remain alert for signs of tax-related fraud or unauthorized filings.

Links for more information

California Attorney General

Notice of Data Breach