What Happened in the Tyree Oil Data Breach?
Tyree Oil, a family-owned petroleum marketer based in Eugene, Oregon, recently confirmed a data breach affecting its customers. The Tyree Oil data breach stemmed from a ransomware attack carried out by a group known as PLAY. This group claimed responsibility for the intrusion on July 8, 2025.
According to the notification, PLAY threatened to publish stolen data on the Tor dark web starting July 10, 2025, if its demands were not met. The attackers claimed to have obtained a range of confidential company and client documents. These included budget records, payroll data, accounting files, tax information, identification documents, and other financial records.
Because ransomware groups typically exfiltrate data before deploying encryption, the timeline suggests the attackers accessed Tyree Oil’s systems well before the July 2025 claim of responsibility. As a result, the company launched an investigation to determine the scope of the intrusion and identify exactly whose information was involved.
Following the forensic review, Tyree Oil began notifying affected individuals and regulators. The company reported the incident to the Massachusetts Office of Consumer Affairs and Business Regulation and to the Oregon Attorney General starting March 6, 2026. This notification process allowed affected individuals to learn that their personal data had been compromised.
Who was affected?
The Tyree Oil data breach affected a total of 4,821 individuals. Among those impacted, at least three individuals reside in Massachusetts, though the broader population likely spans other states as well. Because Tyree Oil operates as a petroleum marketer, those affected are primarily customers and possibly employees whose records were stored in company systems.
The exact breakdown between customers, employees, and other categories of individuals has not been publicly disclosed. However, the range of exposed data, including payroll and tax records, suggests that both current and former employees may be among those affected. In addition, customers who provided payment or identification information could also be impacted.
It remains unclear whether minors are among the affected individuals. Given that health insurance information was involved, dependents covered under employee health plans could also be part of the affected population. Anyone who received a notification letter from Tyree Oil should assume their information was part of the exposed dataset.
What Information Was Potentially Exposed?
The breach involved a broad set of sensitive personal and financial data. Because Tyree Oil handles both commercial accounts and consumer transactions, the exposed information spans several categories that could pose serious risks to affected individuals.
- Full names
- Social Security numbers
- Driver’s license numbers or state ID numbers
- Financial account numbers with routing numbers
- Payment card numbers with expiration dates and CVV codes
- Credit and debit card numbers
- Health insurance information
- Health information
- Payroll data
- Tax information
- Accounting and budget records
This combination of data is particularly concerning because it includes both identity verification details and financial account information. For example, a criminal who has a Social Security number alongside a driver’s license number can attempt to open new credit accounts or file fraudulent tax returns. Similarly, exposed payment card data with CVV codes could allow direct unauthorized charges.
In addition to financial fraud, the exposure of health insurance and health information raises the risk of medical identity theft. This occurs when someone uses another person’s health insurance details to obtain medical services or prescriptions. Because these breaches often surface months or years later, affected individuals should remain alert well into the future.
What is the company doing?
In response to the incident, Tyree Oil launched an investigation to understand how the breach occurred and which records were affected. The company also notified state regulators, including the Massachusetts Office of Consumer Affairs and Business Regulation and the Oregon Attorney General, as required by law.
As part of its response, Tyree Oil is offering complimentary credit monitoring services to affected individuals. However, this service must be activated within 90 days of receiving the notification letter, so prompt action is important. This monitoring is designed to alert individuals to suspicious activity appearing on their credit reports.
Beyond credit monitoring, Tyree Oil has recommended that affected individuals place a one-year fraud alert on their credit files at no cost. This step notifies creditors that they must verify a person’s identity before opening new accounts in that person’s name. The company has also outlined the option of placing a security freeze on credit files for added protection.
What Should Affected Individuals Do?
Activate Credit Monitoring and Review Your Credit Reports
If you received a notification letter, activate the complimentary credit monitoring offered by Tyree Oil as soon as possible. Because the enrollment window is limited to 90 days from the date of the letter, delaying could mean losing this protection entirely.
In addition to enrolling in monitoring, request free credit reports from the three major credit bureaus: Equifax, Experian, and TransUnion. Carefully review each report for accounts or inquiries you don’t recognize. If you spot anything suspicious, dispute it immediately and keep records of your communications.
Place a Fraud Alert or Credit Freeze
Because Social Security numbers and financial account details were exposed, placing a fraud alert on your credit file is a smart precaution. This alert requires creditors to verify your identity before approving new credit in your name, which can slow down identity thieves.
For even stronger protection, consider placing a full security freeze on your credit files with each bureau. This restricts nearly all access to your credit report, making it much harder for anyone to open new accounts without your explicit consent. While a freeze requires you to lift it temporarily when applying for credit yourself, it offers one of the strongest defenses available.
Protect Against Medical Identity Theft
Since health insurance information and health records were part of this breach, affected individuals should watch for signs of medical identity theft. This can include unfamiliar charges on insurance statements or bills for services you never received.
Therefore, review any explanation of benefits statements from your health insurer closely. If you notice unfamiliar providers or services listed, contact your insurer right away. Keeping a record of your normal medical providers and appointments can help you quickly spot anything out of place.
Stay Alert to Phishing Attempts
Following a breach like this, scammers often use stolen information to craft convincing phishing emails, texts, or phone calls. These messages may pretend to be from Tyree Oil, a bank, or a government agency asking for personal details.
As a result, never click links or provide personal information in response to unsolicited messages. Instead, verify any request by contacting the organization directly through a known phone number or website. Because scammers often create urgency, taking a moment to pause before responding can prevent costly mistakes.
Consider Consulting a Data Breach Attorney
Given the sensitivity of the exposed data, including Social Security numbers and payment card details, affected individuals may want to explore their legal options. A data breach attorney can help evaluate whether you qualify for compensation related to this incident.
Many attorneys offer free consultations to review your specific situation at no cost or obligation. This means you can better understand your rights, potential deadlines, and whether joining a claim makes sense for you, without any upfront financial commitment.
