Johnson Controls International plc Data Breach Lawsuit Investigation
File Your Claim Now

Dapeer Law, P.A., a top-rated class action law firm, is investigating the Johnson Controls International plc data breach. If you received notice that your information was exposed during this breach, you may be entitled to compensation. It's free to join our investigation to see if we can help you recover.

Johnson Controls Data Breach Lawsuit Investigation

Download Breach Notice (PDF)

Were your Social Security number and other personal details exposed by Johnson Controls? Tens of thousands of current and former employees just learned their sensitive data is at risk. Find out how to protect yourself and whether you can seek compensation.

What Happened?

On February 1, 2023, Johnson Controls International plc—one of the world’s largest building solutions providers—suffered a cyber-intrusion that allowed unknown actors to access its internal systems. The company reported the incident to state regulators more than two years later, on June 30 and July 1, 2025, triggering mandatory public disclosures in California, Texas, and Vermont.

Key Facts at a Glance

  • Date of breach: February 1, 2023
  • Public disclosure: June 30–July 1, 2025
  • Individuals affected: At least 38,037 in Texas alone; nationwide total likely higher
  • Data exposed: Names, Social Security numbers, dates of birth, postal addresses, government IDs, medical and financial information
  • Population impacted: Employees, contract workers, and some job applicants
  • Regulatory filings: California, Texas, and Vermont Attorneys General

Which Information Was Compromised?

The notices filed with state regulators indicate multiple categories of personally identifiable information (PII) were accessed, including:

  • Full legal names
  • Social Security numbers
  • Dates of birth
  • Home addresses
  • Government-issued identification details
  • Medical and financial information provided during employment or hiring

While no protected health information (PHI) was specifically confirmed, the breadth of exposed data significantly elevates the risk of identity theft and fraud.

Johnson Controls’ Response

The company notified affected individuals by U.S. Mail and published a dedicated FAQ page outlining precautionary steps. However, the FAQ does not identify the root cause of the breach, the threat actors involved, or the precise timeline of containment efforts.

Your Next Steps

If you received a breach notification—or suspect your information was involved—take the following actions immediately:

  • Review the letter and keep it in a safe place.
  • Monitor bank and credit card statements for unauthorized charges.
  • Obtain a free credit report and look for unfamiliar accounts.
  • Consider placing a fraud alert or credit freeze with the major credit bureaus.
  • Enable multi-factor authentication and update passwords to unique, complex phrases.

Legal Options for Johnson Controls Data Breach Victims

Under U.S. data-privacy laws, companies that fail to safeguard consumer information may be held liable for resulting damages. Potential compensation in a class action can include:

  • Reimbursement for unreimbursed fraud losses and out-of-pocket expenses
  • Time spent preventing or remedying identity theft
  • Credit-monitoring costs
  • Emotional distress and loss of privacy

Filing a claim preserves your rights and pressures Johnson Controls to strengthen its security measures. Eligibility generally requires proof that you received the breach notice or that your data was stored by the company during the affected period.

Frequently Asked Questions

How do I know if I’m part of the Johnson Controls data breach?

You should have received a mailed notice from Johnson Controls. If your current or former employer is Johnson Controls—or you applied for a position—during or before February 2023, request clarification from the company’s hotline listed in the letter.

What information did hackers obtain in the Johnson Controls breach?

Regulatory filings confirm exposure of Social Security numbers, dates of birth, addresses, government IDs, and certain medical and financial data.

Is Johnson Controls offering free credit monitoring?

The company’s FAQ indicates that identity-protection services are available, though enrollment details vary by jurisdiction. Check your notice letter for sign-up instructions and deadlines.

Can I file a lawsuit against Johnson Controls for the data breach?

Yes. A class action lawsuit is being investigated to seek damages for affected individuals. Participation typically involves completing a claim form and providing proof of impact.

Will a credit freeze prevent all identity theft linked to the Johnson Controls breach?

A credit freeze blocks new credit inquiries but does not stop misuse of existing accounts or non-credit-related fraud. Continue monitoring statements and consider additional safeguards such as account alerts and two-factor authentication.

Bottom Line

The Johnson Controls data breach underscores the importance of rigorous cybersecurity and prompt disclosure. By staying vigilant, leveraging identity-protection tools, and exploring legal remedies, you can mitigate potential harm and hold responsible parties accountable.

Attorney Advertising. Prior results do not guarantee a similar outcome.

File Your Claim Now