Ubeo Data Breach Exposes Social Security Numbers and Driver’s License Information

Other Commercial data breach illustration
Breach Discovery: Not Publicly DisclosedBreach Notification: 12th June 2026

What Happened in the Ubeo Data Breach?

Ubeo Midco LLC, a corporate entity within the Ubeo group of companies, recently disclosed a data breach that compromised sensitive personal information belonging to thousands of consumers. Ubeo is a U.S.-based business technology and document management company headquartered in San Antonio, Texas. The company provided very limited public details about how the incident occurred.

In its notification letters, Ubeo directed affected individuals to call a dedicated assistance line for more information about the breach. Because the notification did not describe the method of attack, it remains unclear whether this was a ransomware incident, an unauthorized access event, or another form of cyberattack. As a result, the exact timeline of the intrusion has not been publicly disclosed.

What is clear is that Ubeo identified enough about the incident to begin notifying regulators and consumers. The company reported the breach to multiple state attorneys general, including those in Texas, Massachusetts, and Vermont. This regulatory filing process typically follows an internal investigation, which suggests Ubeo undertook some form of forensic review before sending notification letters on June 12, 2026.

Who was affected?

The Ubeo data breach affected individuals whose personal information was stored in the company’s systems. Because Ubeo operates in business technology and document management, those affected could include customers, employees, or other individuals whose records passed through the company’s services.

According to figures reported to state regulators, 3,845 individuals across the United States were affected. Of that total, 1,701 were Texas residents and 86 were Massachusetts residents. This geographic spread indicates the breach reached consumers well beyond Ubeo’s San Antonio headquarters.

The presence of medical information and health insurance information among the exposed data suggests some affected individuals may have interacted with Ubeo through healthcare-related document processing. However, the source material does not specify whether minors were included among the affected population. It also does not clarify whether the affected individuals were primarily customers, employees, or a mix of both.

What Information Was Potentially Exposed?

The data compromised in this breach included several categories of highly sensitive personal information. This combination of identity and health-related data creates meaningful risk for those affected.

  • Full names
  • Social Security numbers
  • Home addresses
  • Driver’s license numbers
  • Medical information
  • Health insurance information

This type of exposure raises serious concerns about identity theft. Because Social Security numbers and driver’s license numbers were involved, criminals could use this information to open new credit accounts, file fraudulent tax returns, or apply for loans in a victim’s name. In addition, combining this data with an address makes it easier for scammers to impersonate victims convincingly.

The exposure of medical information and health insurance details adds another layer of risk. Consequently, affected individuals could face medical identity theft, where someone uses their health insurance information to obtain treatment or prescriptions fraudulently. This can lead to inaccurate medical records and unexpected bills. Furthermore, health data is often used in targeted phishing scams because it feels more personal and can trick victims into responding.

What is the company doing?

Ubeo responded to the breach by notifying affected consumers and relevant state regulators. The company mailed individual notification letters on June 12, 2026, informing recipients about the exposure and outlining steps they can take. Ubeo also disclosed the incident to the attorneys general of Texas, Massachusetts, and Vermont, which is a standard step required under state breach notification laws.

As part of its ongoing response, Ubeo is offering 24 months of complimentary single-bureau credit monitoring and fraud assistance through Cyberscout. Affected individuals can enroll by visiting the Cyberscout activation page and entering the unique code included in their notification letter. Enrollment must be completed within 90 days of the letter’s date, so timely action matters.

Ubeo additionally established a dedicated assistance line for people with questions about the incident. The line operates from 8 a.m. to 8 p.m. Eastern time, Monday through Friday, excluding major U.S. holidays. This resource allows affected individuals to ask specific questions about their exposure and the enrollment process.

What Should Affected Individuals Do?

Enroll in Credit Monitoring Promptly

Anyone who received a notification letter from Ubeo should enroll in the offered credit monitoring service as soon as possible. Because enrollment must happen within 90 days of the letter’s date, waiting too long could mean losing access to this free protection.

To enroll, visit the Cyberscout activation page and enter the unique code from your letter. This monitoring service can help detect suspicious activity early, giving you a better chance to respond before serious damage occurs.

Consider a Fraud Alert or Credit Freeze

Because Social Security numbers and driver’s license numbers were exposed, affected individuals should strongly consider placing a fraud alert or credit freeze on their credit files. A fraud alert requires lenders to verify your identity before opening new credit, while a credit freeze blocks access to your credit report entirely.

You can request a fraud alert through any one of the three major credit bureaus, and it will notify the other two automatically. In contrast, a credit freeze must be requested separately from each bureau. Either option adds a meaningful barrier against identity thieves trying to open accounts in your name.

Watch for Medical Identity Theft

Since medical information and health insurance details were part of this breach, affected individuals should review their health insurance statements carefully. Look for any services, prescriptions, or claims you don’t recognize.

If you spot unfamiliar entries, contact your health insurance provider immediately to dispute them. This step matters because medical identity theft can lead to incorrect information in your health records, which could affect future treatment decisions.

Stay Alert for Phishing Attempts

Scammers often use breached information to craft convincing phishing emails, texts, or phone calls. Because your name, address, and other personal details were exposed, be cautious about unexpected messages asking you to click links or share more information.

Legitimate companies rarely ask for sensitive details through unsolicited communication. Therefore, if you receive a suspicious message referencing this breach, verify it directly through Ubeo’s dedicated assistance line rather than responding to the message itself.

Monitor Your Credit Reports Regularly

In addition to enrolling in credit monitoring, request free copies of your credit reports from all three major bureaus. Review them for any accounts or inquiries you don’t recognize.

You are entitled to a free credit report from each bureau annually, though many consumers now qualify for more frequent free access. Regularly checking your reports helps you catch identity theft early, which makes resolving any fraudulent activity much easier.



More Information

Official Source

Official Data Breach Notification Letter (PDF)

Official Source

Official Source

Official Source

Official Source

Related Data Breaches