Empire Express Data Breach Exposes Social Security Numbers and Medical Information

Other Commercial data breach illustration
Breach Discovery: 15th April 2026Breach Notification: 1st June 2026

What Happened in the Empire Express Data Breach?

Empire Express Inc., a trucking and logistics company based in Memphis, Tennessee, has confirmed a data breach that exposed sensitive personal information belonging to thousands of people. The Empire Express data breach came to light after a ransomware group known as DragonForce posted a claim on the dark web. In that posting, the group stated it had obtained roughly 93.74 GB of data from the company.

According to the posting, DragonForce threatened to publish the stolen files within four to five days unless its demands were met. This posting appeared on Feb. 13, 2026. However, Empire Express did not report discovering the breach until mid-April, roughly two months later. This gap between the criminal posting and the company’s discovery highlights how these incidents can go unnoticed for weeks before an organization becomes aware of them.

After learning of the incident, Empire Express began an investigation to determine what happened and which records were affected. As a result of that review, the company identified specific categories of personal and medical information involved in the intrusion. Empire Express then moved to notify affected individuals and the appropriate state regulators about the breach.

The company reported the breach to the attorneys general offices in Indiana, Maine, Massachusetts, and Texas. These filings are a standard part of the notification process required under state data breach laws. Because the incident involved a ransomware group claiming responsibility, it fits a pattern seen across many recent supply chain and logistics sector attacks.

Who was affected?

The Empire Express data breach affected 5,438 individuals in the United States. Of that total, 435 people were residents of Texas, and 3 were residents of Indiana. This suggests the affected population is spread across multiple states, though most notified residents live outside those two specifically named states.

It remains unclear whether those affected are primarily customers, employees, or another group connected to Empire Express’s operations. The company has not publicly disclosed further details about the relationship these individuals have to the business. Given that the breach included medical information and health insurance details, it’s possible that some affected individuals were enrolled in an employer-sponsored health plan through the company.

Because trucking and logistics companies often handle both driver personnel records and business partner data, the affected population could include current and former employees. In addition, it’s possible some affected records belong to job applicants or contractors. Without further public disclosure, the exact makeup of the affected group cannot be confirmed.

What Information Was Potentially Exposed?

The Empire Express data breach compromised several categories of sensitive personal information. According to the company’s own disclosure, the exposed data includes the following types of information.

  • Full names
  • Social Security numbers
  • Driver’s license numbers
  • Medical information
  • Health insurance information

This combination of data is particularly concerning because it blends financial identifiers with health-related records. For example, Social Security numbers and driver’s license numbers are often enough on their own to open new credit accounts or file fraudulent tax returns in someone else’s name. When combined with medical and health insurance details, criminals also gain the tools needed to commit medical identity theft.

As a result, affected individuals face multiple types of fraud risk at once. Someone could use a stolen Social Security number to apply for loans, credit cards, or government benefits. Meanwhile, stolen health insurance information could be used to receive medical treatment or submit fraudulent insurance claims under another person’s name. Because these risks can surface months or even years later, ongoing vigilance is essential.

What is the company doing?

In response to the breach, Empire Express notified affected individuals by mail and provided guidance on protective steps. The company’s notification letter included direct contact information for all three major credit bureaus: Equifax, Experian, and TransUnion. This included phone numbers, mailing addresses, and website links so recipients could request a credit freeze if they chose to.

In addition to the credit bureau information, Empire Express advised individuals who suspect misuse of their information to file a report with local law enforcement. The company also recommended keeping a copy of any police report, noting that creditors may require this documentation to resolve fraudulent debts. Furthermore, Empire Express pointed affected individuals toward the Federal Trade Commission’s identity theft resources, including the FTC’s website, phone hotline, and mailing address for filing complaints.

What Should Affected Individuals Do?

Place a Credit Freeze or Fraud Alert

Anyone notified about the Empire Express data breach should strongly consider placing a security freeze on their credit reports. A freeze restricts access to your credit file, making it much harder for identity thieves to open new accounts in your name. Because Social Security numbers and driver’s license numbers were both exposed, this step is especially important here.

To place a freeze, contact Equifax, Experian, and TransUnion separately, since each bureau maintains its own file. Each bureau accepts freeze requests online, by phone, or by mail. Once a freeze is in place, you can lift it temporarily whenever you need to apply for new credit.

Monitor Your Credit Reports Regularly

In addition to freezing your credit, you should request your free credit reports at AnnualCreditReport.com. Reviewing these reports lets you check for accounts or inquiries you don’t recognize. If you spot anything suspicious, you can dispute it directly with the credit bureau involved.

Because identity theft from a breach like this can take months to surface, it helps to check your reports periodically rather than just once. Even if nothing looks wrong immediately, continued monitoring over the coming months is a smart precaution. This is one of the simplest ways to catch fraud early before it causes lasting damage.

Watch for Medical and Health Insurance Fraud

Since health insurance information was exposed in this breach, affected individuals should carefully review their explanation of benefits statements. Look for medical services, prescriptions, or procedures you don’t recognize. If something seems off, contact your insurer right away to report the discrepancy.

Medical identity theft can be harder to detect than financial fraud because it often shows up as an insurance statement rather than a bank alert. As a result, it’s worth setting a reminder to review these statements every month for the next year. Catching fraudulent claims early can prevent complications with your actual medical records and insurance coverage.

Stay Alert for Phishing Attempts

Scammers often use news of a data breach to craft convincing phishing messages. Because the Empire Express data breach has been publicly reported, affected individuals should be cautious of any emails, texts, or calls referencing the incident by name. Legitimate companies rarely ask for sensitive information over email or phone.

If you receive a suspicious message claiming to be from Empire Express or a related organization, avoid clicking any links. Instead, verify the request by contacting the company directly through a known, official phone number. This extra step can prevent scammers from tricking you into handing over even more personal information.

Report Suspicious Activity Promptly

If you notice signs of fraud, such as unfamiliar accounts, unexpected bills, or unauthorized charges, file a report with local law enforcement immediately. Obtaining a copy of that police report can be important later, since some creditors require it to resolve fraudulent debts opened in your name.

You can also file a complaint with the FTC at www.ftc.gov/idtheft, by phone, or by mail. Taking these steps quickly creates a documented record of the fraud. This record can strengthen your case if you decide to dispute charges or consult an attorney about your legal options following this breach.



More Information

Official Notice from Empireexpress

Official Data Breach Notification Letter (PDF)

Official Notice from Maine

Official Notice from Mass

Official State Attorney General Notification

Related Data Breaches