What Happened in the Reframe Data Breach?
Glucobit Inc., doing business as Reframe, has reported a data breach involving unauthorized access to its systems. The Georgia-based wellness services company disclosed the incident through filings with state attorneys general, describing it as a hacking or IT incident. According to the filing, the intrusion is tied to May 1, 2026.
The Reframe data breach became public when the company submitted notice to regulators in California and Texas. As a result, affected individuals began receiving breach notification letters. However, the publicly available filing does not explain exactly how the hackers gained access or when Reframe first discovered the intrusion.
Because these details are limited, affected individuals should rely on their own notice letter for specifics. In addition, official updates from the company may offer more complete information as the investigation continues. At this time, it remains unclear whether a third-party vendor played any role in the incident.
Who was affected?
The Reframe data breach affects people who used Glucobit’s wellness services and had personal information stored in the company’s systems. This likely includes current and former clients who trusted the company with sensitive health-related details.
According to the filing, the reported affected population totals 43,902 individuals. This number reflects the population identified in state regulatory filings as of the notification date. Consequently, anyone who used Reframe’s services and has not yet received a notice may want to contact the company directly to confirm their status.
What Information Was Potentially Exposed?
The filing indicates that specific categories of personal information may have been exposed in this incident. Because health information was involved, the exposure carries particular risks for those affected. Below is a summary of the data types identified in the public filing.
- Full names
- Health records
Health-related information deserves special attention because it can reveal sensitive medical or wellness details about a person’s life. For example, criminals could use this data to craft convincing phishing messages that reference specific medical conditions or treatments. This tactic makes scams more believable and harder to spot.
In addition, exposed health records can lead to medical identity theft, where someone uses stolen information to obtain treatment or prescriptions under another person’s name. This type of fraud can be difficult to detect and may affect medical records and insurance coverage. Therefore, affected individuals should stay alert to unfamiliar activity tied to their health accounts.
What is the company doing?
Glucobit Inc. reported the incident to attorneys general in California and Texas, which is a required step under state breach notification laws. The company also began notifying affected individuals directly, with notices dated June 30, 2026. This notification process allows people to learn whether their information was involved.
However, the public filing does not detail whether Reframe is offering credit monitoring, identity protection services, or other support to affected individuals. Anyone who received a notice should check the letter closely, since it may describe specific remedies or services offered by the company. If no such services are mentioned, individuals may still want to take independent protective steps.
What Should Affected Individuals Do?
Review Your Breach Notification Letter Carefully
If you received a notice from Reframe, read it in full before taking any action. The letter should explain what type of information was involved and when the company believes the incident occurred. It may also describe any support services being offered, so it’s worth checking for specific instructions relevant to your situation.
Watch for Phishing and Impersonation Attempts
Because names and health records were exposed, scammers may attempt to impersonate Reframe or related healthcare providers. Be cautious of unexpected emails, texts, or phone calls referencing wellness services, medical records, or account verification. Never click links or share personal details in response to unsolicited messages, and instead verify requests directly with the company through official channels.
Monitor Health and Financial Records Closely
Given that health records were part of this breach, affected individuals should review insurance explanations of benefits, provider bills, and medical statements for unfamiliar activity. This helps catch signs of medical identity theft early. In addition, checking bank and credit card statements regularly can reveal any unauthorized financial activity linked to the exposure.
Consider a Fraud Alert or Credit Freeze
Even though Social Security numbers were not specifically listed in the filing, placing a fraud alert or credit freeze adds an extra layer of protection. This step makes it harder for anyone to open new accounts using your identity. You can contact any of the three major credit bureaus to place a fraud alert, which then notifies the other two automatically.
Keep Records and Monitor Your Credit Reports
Save your notification letter and document any suspicious activity or time spent addressing the incident. Regularly check your credit reports through the major bureaus to spot new accounts or inquiries you don’t recognize. If you notice anything unusual, report it promptly and consider speaking with a data breach attorney to understand your options.
