The Fedcap Group Data Breach Exposes Social Security Numbers and Driver’s Licenses

Non-profit data breach illustration
Breach Discovery: Not Publicly DisclosedBreach Notification: 18th June 2026

What Happened in the The Fedcap Group Data Breach?

The Fedcap Group, a nonprofit organization that provides education, workforce development, health and economic development services, recently disclosed a data breach affecting sensitive personal information. According to notification letters sent to affected individuals, an unspecified event occurred that may have exposed personal data. However, the organization did not reveal when this event actually took place, how long it lasted, or how the intrusion was detected.

Because the notification letter withheld these operational details, the exact method used by any attacker remains unknown. In addition, there is no public information yet describing whether this was a ransomware attack, unauthorized network access, or another type of security incident. As a result, affected individuals currently have limited insight into the technical circumstances surrounding the Fedcap Group data breach.

What is clear, though, is that The Fedcap Group took the matter seriously enough to notify multiple state regulators. The organization reported the breach to the Massachusetts Office of Consumer Affairs and Business Regulation, the New Hampshire Attorney General, and the Vermont Attorney General on June 22, 2026. Meanwhile, the company began mailing notification letters to affected consumers a few days earlier, on June 18, 2026, suggesting that an internal investigation had already reached conclusions before the regulatory filings were submitted.

Who was affected?

The Fedcap Group serves disadvantaged individuals through education, workforce training, health services, and economic development programs. Therefore, the people affected by this breach likely include program participants, clients, or individuals who received services through Fedcap’s various initiatives. Because Fedcap operates programs that assist vulnerable populations, this breach could disproportionately affect individuals who already face economic or social challenges.

At this time, the total number of people affected across the United States has not been publicly disclosed in the available regulatory filings. However, the fact that Fedcap notified regulators in three different states indicates that the breach likely spans a broad geographic area. Individuals in Massachusetts, New Hampshire, and Vermont have been confirmed as affected, though residents of other states may also be impacted.

What Information Was Potentially Exposed?

The notification letters confirm that specific categories of sensitive personal information were involved in this incident. This type of data is highly valuable to identity thieves because it can be used to open new accounts or impersonate victims in official transactions.

  • Social Security numbers
  • Driver’s license numbers

Because Social Security numbers were exposed, affected individuals face an elevated risk of identity theft. Criminals often use stolen Social Security numbers to open fraudulent credit accounts, file false tax returns, or apply for loans in someone else’s name. This type of fraud can take months to detect and even longer to fully resolve.

In addition, exposed driver’s license numbers can enable criminals to create fake identification documents or commit fraud that appears linked to the victim’s real identity. When both Social Security numbers and driver’s license numbers are compromised together, the combination makes it easier for fraudsters to pass identity verification checks used by banks and other institutions. Consequently, affected individuals should treat this breach as a serious and ongoing risk, not a one-time event.

What is the company doing?

In response to the breach, The Fedcap Group notified the appropriate state regulators, including the attorneys general of New Hampshire and Vermont, as well as the Massachusetts Office of Consumer Affairs and Business Regulation. This step reflects the organization’s legal obligation to report the incident to authorities in states where affected residents live. Meanwhile, the company also began mailing direct notification letters to affected individuals starting June 18, 2026.

As part of its ongoing response, The Fedcap Group is offering affected individuals 24 months of complimentary credit monitoring and identity protection services through Experian IdentityWorks. Individuals can enroll by visiting the Experian IdentityWorks enrollment page and entering the unique activation code included in their notification letter. Importantly, enrollment must be completed by September 30, 2026, so affected individuals should act promptly. For additional support, Fedcap has also established a dedicated call center to answer questions and assist with identity restoration efforts.

What Should Affected Individuals Do?

Enroll in the Offered Credit Monitoring Service

Because The Fedcap Group is offering 24 months of free credit monitoring through Experian IdentityWorks, affected individuals should take advantage of this benefit as soon as possible. This service can help detect suspicious activity on your credit file before it causes serious financial damage.

To enroll, simply visit the Experian IdentityWorks enrollment page and enter the activation code found in your notification letter. Since enrollment closes on September 30, 2026, it’s important not to delay. If you have questions about the process, you can call Fedcap’s dedicated call center for assistance.

Place a Fraud Alert or Credit Freeze

Given that Social Security numbers and driver’s license numbers were exposed, affected individuals should strongly consider placing a fraud alert or credit freeze with the three major credit bureaus. A fraud alert requires creditors to verify your identity before opening new accounts in your name. As a result, this simple step can prevent many common forms of identity theft.

A credit freeze offers even stronger protection because it restricts access to your credit report entirely. Because freezing your credit is free and can be lifted temporarily when needed, it’s one of the most effective tools available to consumers concerned about identity theft after a breach like this one.

Monitor Your Credit Reports Regularly

In addition to enrolling in monitoring services, affected individuals should regularly check their credit reports for unfamiliar accounts or inquiries. You can request free credit reports from each of the three major bureaus through the official government-authorized website. Reviewing these reports periodically throughout the year can help you catch fraud early.

If you notice any suspicious activity, report it immediately to the credit bureau and consider filing a report with the Federal Trade Commission. Because early detection often limits the damage caused by identity theft, consistent monitoring is essential in the months following this breach.

Stay Alert for Phishing Attempts

After a data breach, scammers often try to exploit victims through phishing emails, phone calls, or text messages pretending to be from the breached organization. Therefore, affected individuals should remain cautious about unsolicited communications requesting personal or financial information.

Always verify the identity of anyone contacting you by using official phone numbers or websites rather than links provided in suspicious messages. If you’re ever unsure whether a request is legitimate, contact The Fedcap Group directly using verified contact information rather than responding to the message itself.

Consider Consulting a Data Breach Attorney

Because sensitive information like Social Security numbers and driver’s license numbers was involved, affected individuals may want to speak with a data breach attorney to understand their legal options. An attorney can help evaluate whether you qualify for compensation related to this incident.

Many attorneys offer free consultations, so there’s little risk in exploring your options. This step can be especially helpful if you experience financial losses or identity theft linked to this breach in the future.



More Information

The Fedcap Group Inc.

Massachusetts Office of Consumer Affairs and Business Regulation

New Hampshire Attorney General

Vermont Attorney General

Experian IdentityWorks enrollment page

Related Data Breaches