Cornwell Data Breach Exposes Personal and Health Information
Cornwell recently confirmed a data breach that compromised both personal identifiable information (PII) and protected health information (PHI). The company disclosed the incident to the Maine Attorney General’s Office, emphasizing that an unauthorized third party accessed its systems and may have stolen highly sensitive data.
Cornwell first detected unusual activity on its computer network on December 20, 2024. As soon as the company identified the suspicious behavior, it immediately launched a full-scale cybersecurity investigation. With the support of external experts, Cornwell worked to determine exactly what had happened and how far the Cornwell cyber attack had spread.
Soon after, investigators confirmed that on or around December 12, 2024, a hacker infiltrated Cornwell’s systems and potentially extracted confidential records. Following this confirmation, Cornwell initiated a comprehensive review process to determine precisely which types of information had been exposed and which individuals were impacted. That extensive review reached completion on August 4, 2025.
Information Exposed in the Cornwell Data Breach
The type of personal data impacted varies depending on the individual. However, the Cornwell data breach may have exposed:
Names
Social Security numbers
Financial account information
Driver’s license numbers
Medical information
Notification to Affected Individuals
After completing its review, Cornwell transitioned quickly into the notification phase. On September 4, 2025, the company began mailing data breach notification letters to individuals whose information had been affected. These letters not only detail the types of sensitive information exposed but also provide recipients with complimentary credit monitoring services to help reduce the risk of identity theft.
Steps Impacted Individuals Should Take
Because the Cornwell data breach involves highly sensitive data, including Social Security numbers and financial account details, affected individuals face a heightened risk of fraud. Therefore, Cornwell strongly encourages those impacted to take immediate protective measures. For example, individuals should closely monitor bank accounts, review their credit reports, and activate the credit monitoring tools provided at no cost.
Legal Help?
If you received a breach notification letter, your personal information may have been compromised. You have rights, and you may be entitled to legal remedies.
We want to help you understand your options. Fill out the online form or drop us a line info@databreachrights.com to discuss your rights and the steps you can take to protect yourself.