OnTrac Data Breach Exposes 40,000 Individuals’ Sensitive Info
A massive data breach at U.S. delivery company OnTrac has exposed the personal information of over 40,000 people, including Social Security numbers and medical records. The breach occurred between April 13 and April 15, 2025, raising serious concerns about identity theft and financial fraud.
OnTrac, which operates 64 facilities across 31 states, was acquired by LaserShip in 2021. The company reported annual revenues of approximately $1.5 billion. The breach notification letters issued to affected customers confirm that cybercriminals accessed sensitive data that can be exploited for identity theft and financial fraud.
The exposed data, including Social Security numbers and medical records, poses a significant risk. Unlike stolen credit card information, these details cannot be easily replaced, making them highly valuable to criminals. Cybercriminals can use this information to open fraudulent bank accounts, file false tax returns, or take over benefits.
Medical records add an additional layer of risk, as stolen health data is highly sought after on the dark web. This data can be used for extortion, fraudulent insurance claims, or illegal prescription drug purchases. The threat of these risks highlights the serious consequences of data breaches affecting sensitive personal information.
OnTrac has taken steps to mitigate the impact by offering 12 months of complimentary credit monitoring and identity protection services to those affected. The company is encouraging individuals to use the activation code provided in their breach notification letters to access these services. Even those not directly affected are advised to consider signing up for identity protection services, as stolen data is often reused across multiple breaches.
Experts recommend additional measures to protect against identity theft, such as placing a free credit freeze with all three major credit bureaus: Equifax, Experian, and TransUnion. This action blocks criminals from opening new credit lines using the affected person’s information. A credit freeze does not impact existing accounts and can be temporarily lifted when applying for legitimate credit.
Data removal services are also suggested as a proactive measure. These services can help scrub personal information from shady broker sites, reducing the risk that criminals will resell or reuse the data. While no service can guarantee complete protection, this step can significantly reduce the digital footprint of the affected individuals.
Strong antivirus software is recommended to add an extra layer of defense against malicious links and phishing attempts. Experts also advise users to enable multi-factor authentication for online accounts, particularly for banking, insurance, and email, as this makes it much harder for criminals to access personal accounts.
In addition to these protective measures, individuals are encouraged to monitor their health insurance Explanation of Benefits (EOB) statements regularly for any unfamiliar claims, as these could indicate unauthorized use of their insurance benefits.
The OnTrac data breach serves as a stark reminder of the dangers associated with data breaches. While the breach itself cannot be undone, individuals can take practical steps to reduce their risk of identity theft and fraud. By staying vigilant and using available tools, people can take control of their personal information and mitigate the potential damage caused by the breach.
Experts suggest that companies like OnTrac should face stricter penalties for failing to protect sensitive personal and medical data. This would encourage stronger data security measures and more accountability in protecting consumer information. As the number of data breaches continues to rise, the need for robust cybersecurity measures has never been more urgent.