Episource Data Breach Lawsuit Investigation
On November 12, 2025, healthcare technology company Episource notified regulators and impacted individuals of a cybersecurity incident that exposed sensitive patient and member information earlier in the year. If you received an Episource data breach letter, you may be entitled to free credit monitoring and potential compensation.
Take action: review what was exposed, enroll in the complimentary identity-protection service, and explore your legal options below.
Key Timeline of the Episource Cybersecurity Incident
- January 27 – February 6, 2025: Unauthorized actor accessed Episource systems.
- February 6, 2025: Intrusion discovered; systems taken offline; law enforcement contacted.
- April 23, 2025: Episource began informing customer organizations of specific data involved.
- November 12, 2025: Consumer notification letters mailed and filed with the California Attorney General.
What Information Was Exposed?
The data varied by individual. According to the company’s notice, the breach may have included:
- Contact details (name, address, phone number, email)
- Health insurance information (plan or policy details, insurer name, member/group ID, Medicaid/Medicare payor IDs)
- Health data (medical record numbers, diagnoses, prescriptions, test results, images, care & treatment information, physician names)
- Date of birth
- Social Security number (limited instances)
Episource’s Response
Episource, LLC (Episource) states it immediately contained the threat, engaged cybersecurity specialists, notified law enforcement, and is “making [its] computer systems even stronger than before.”
Free Identity Protection Services
The company is offering two years of complimentary credit monitoring and identity theft protection through IDX. Impacted consumers received an enrollment code and can sign up online or via QR code provided in the letter.
Download Official Breach Notice (PDF)Next Steps for Affected Individuals
The notification packet includes detailed instructions on how to enroll in the IDX service and additional tips for safeguarding personal data. Episource advises recipients to:
- Activate the free credit monitoring as soon as possible.
- Review accounts and insurance statements for unfamiliar activity.
- Follow the personal-security checklist enclosed with your letter.
Company Overview
- Website: episource.com
- Headquarters: 500 W. 190th Street, Suite #400, Gardena, CA USA
- Industry: Digital Healthcare / Health Data Analytics
- Founded: 2006
- Employees: ~8,000
- Parent Company: Optum
- Contact Page: episource.com/contact
Social Media: LinkedIn | X | Facebook | YouTube | Instagram
Frequently Asked Questions
- I received a data breach letter from Episource — what should I do?
- Follow the letter’s instructions to enroll in the free IDX credit-monitoring service and review the enclosed security tips.
- How do I submit a claim related to the Episource data breach?
- You can consult a qualified data-privacy attorney about potential compensation. Keep your notification letter and any expenses associated with fraud as documentation.
- Am I eligible to join a lawsuit against Episource?
- Eligibility depends on factors such as residency and proof of impact. Speaking with legal counsel is the quickest way to determine your options.
- What information did the Episource breach expose?
- Possible exposure includes contact details, health insurance information, medical data, date of birth, and— in limited cases—Social Security numbers.
- Did Episource offer credit monitoring, and for how long?
- Yes. Episource is providing two years of free credit monitoring and identity-theft protection through IDX.
- How many people were affected by the Episource breach?
- As of the latest filing, Episource has not publicly disclosed the total number of impacted individuals.
- How can I get the official breach notice (PDF) for Episource?
- You can download it directly from the California Attorney General’s website using the button above.
This article is provided for informational purposes only and does not constitute legal advice.