Episource, LLC Data Breach Lawsuit Investigation

If you received a data-breach notice from Episource, LLC, you may be entitled to free credit monitoring, identity-theft protection, or compensation. Review the confirmed facts below and take immediate steps to safeguard your information.

Key Facts at a Glance

• Breach period: January 27 – February 6, 2025
• Discovery date: February 6, 2025
• Consumer notice date: October 1, 2025
• Type of incident: Unauthorized access and data exfiltration
• Free services offered: Two years of credit monitoring and identity-theft protection through IDX

What Happened

On February 6, 2025, Episource detected unusual activity within its computer systems. The company immediately disabled those systems, launched an internal investigation with the assistance of a specialized cybersecurity team, and notified law enforcement. The investigation revealed that an unauthorized actor viewed and copied certain files during the period from January 27 to February 6, 2025.

Information Involved

The data exposed varied by individual. According to notice letters filed with the California Attorney General, the categories may include:

• Contact details: name, address, phone number, email
• Health-insurance information: plan or policy details, insurance company, member/group ID, Medicaid/Medicare/government payor ID
• Health data: medical record number, treating physicians, diagnoses, medications, test results, imaging, care and treatment information
• Other personal data: Social Security number, date of birth

Company Response

Episource reports that it:

• Shut down affected computer systems and engaged external cybersecurity experts
• Notified federal law-enforcement authorities
• Implemented additional technological safeguards
• Offered two years of complimentary credit monitoring and identity-theft protection

Eligible individuals can enroll for these services at https://response.idx.us/episource using the personal enrollment code provided in their notice letter.

Next Steps for Affected Individuals

Until you complete enrollment in the offered IDX services, consider taking the following actions:

• Monitor bank, credit-card, and insurance statements for unfamiliar activity
• Request free credit reports from the major bureaus and review them carefully
• Place a fraud alert or security freeze on credit files if you spot suspicious transactions
• Promptly report any suspected identity theft to the Federal Trade Commission and local law enforcement

Company Overview

Episource, LLC is a digital healthcare services provider that supports health plans and medical groups with risk-adjustment analytics, chart retrieval, and coding services.

• Website: episource.com
• Headquarters: 500 W. 190th Street, Suite 400, Gardena, California, USA
• Year founded: 2006
• Industry: Digital Healthcare
• Employee count: 8,000
• Parent entity: Optum
• Privacy policy: episource.com/privacy
• Support: episource.com/contact
• Social media: Facebook | X (Twitter) | Instagram | LinkedIn | YouTube

Frequently Asked Questions (FAQ)

How did Episource, LLC discover the data breach?

The company detected unusual system activity on February 6, 2025, prompting an immediate investigation.

What information was exposed in the Episource, LLC breach?

Potentially exposed data includes contact details, health-insurance information, medical records, Social Security numbers, and dates of birth.

Is Episource, LLC offering free credit monitoring?

Yes. Impacted individuals are eligible for two years of complimentary credit monitoring and identity-theft protection through IDX.

Has the number of affected individuals been released?

No. As of the latest notice filed on October 1, 2025, Episource has not publicly disclosed the total number of affected individuals.

Can I join a lawsuit related to the Episource, LLC data breach?

Those who received an official notice letter may have legal claims for statutory damages and out-of-pocket losses. Consult a data-privacy attorney to understand your options.