UPDATED: March 25, 2026

Normandin, Cheney & O’Neil Data Breach

On December 24, 2025, Normandin, Cheney & O’Neil, PLLC experienced a data breach affecting personal information such as Social Security numbers and driver’s license numbers. Affected individuals are being offered free credit monitoring services. Those impacted may be entitled to compensation through a class action lawsuit. Find out how to protect your information and explore your legal options.

Normandin, Cheney & O’Neil

Date of Breach: March 11, 2025

Who was affected:

Clients of Normandin, Cheney & O’Neil

Impacted Data:

Name of individual

Social Security Number

Driver’s License Number

On March 11, 2025, Normandin, Cheney & O’Neil, PLLC (NCO) notified individuals about a data breach that could have compromised sensitive personal information. The breach occurred between December 20 and December 24, 2025, affecting Social Security numbers and driver’s license information. NCO is offering free credit monitoring services to affected individuals, and those impacted may be eligible for compensation through a class action lawsuit.

Normandin, Cheney & O’Neil, PLLC’s Data Breach Investigation

On December 24, 2025, Normandin, Cheney & O’Neil, PLLC became aware of unusual activity on its network. Upon investigation, it was confirmed that unauthorized access had occurred on the network between December 20 and December 24, 2025. During this time, sensitive information may have been accessed or copied. The law firm immediately began working with third-party specialists to conduct a thorough review of the affected data and notify the individuals whose information may have been compromised.

Although the investigation is still ongoing, NCO identified 12 New Hampshire residents whose Social Security numbers and/or driver’s license numbers may have been impacted. At this stage, the law firm is unable to confirm the full extent of the breach, but they have committed to providing affected individuals with timely updates once the comprehensive review is completed.

In response to the incident, NCO reported the breach to law enforcement, changed network passwords, and reviewed its internal policies and procedures. To mitigate the potential risk of identity theft or fraud, the firm is offering free credit monitoring and identity protection services to the impacted individuals.

When Did This Breach Occur?

The data breach occurred between December 20, 2025, and December 24, 2025. The firm detected the unusual network activity on December 24, 2025, and immediately began investigating the breach. Notification letters were mailed to affected individuals on March 11, 2025.

What Information Was Breached?

The breach potentially exposed the following personal information:

Name of individual
Social Security Number
Driver’s License Number

NCO has confirmed that 12 New Hampshire residents were impacted by the breach. The ongoing investigation is still working to determine whether additional individuals were affected.

What You Can Do

If you were affected by the Normandin, Cheney & O’Neil data breach, there are several steps you can take to protect your personal information:

Enroll in Free Credit Monitoring: NCO is offering free credit monitoring services to those impacted. These services will help you monitor your credit files for any signs of unauthorized activity.
Place a Fraud Alert or Security Freeze: You can place a fraud alert or security freeze on your credit reports to prevent any new accounts from being opened in your name.
Monitor Your Financial Accounts: Regularly review your bank and credit card statements for any unusual transactions.
Obtain a Free Credit Report: Take advantage of your right to a free credit report each year and carefully review it for any discrepancies or unfamiliar accounts.

Taking these steps will help protect you from potential identity theft or fraud resulting from the breach.

File a Data Breach Lawsuit Against Normandin, Cheney & O’Neil, PLLC

If you have received a data breach notification from Normandin, Cheney & O’Neil, PLLC and believe you were affected by this incident, you may be entitled to compensation. Victims of data breaches can often pursue class action lawsuits to recover damages, including compensation for emotional distress, financial loss, and the costs associated with identity theft or fraud prevention.

At Class Action U, we are here to help you explore your legal options and connect with experienced attorneys who specialize in class action lawsuits. Don’t face this alone—join the fight for justice today!

Fill out our secure form to speak with a lawyer for a free consultation. There’s no cost to reach out, and you are under no obligation to take further action after your consultation.

Your voice matters, and together, we’re stronger.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

Other Data Breaches

Ailco Equipment Finance Group Data Breach

Date of Breach: January 13, 2026

Austin Plastic and Reconstructive Surgery Data Breach

Date of Breach: June 30, 2025, to July 1, 2025

Karmê Chöling Data Breach

Date of Breach: On February 18, 2026

Frequently Asked Questions

What Should I Do If I Believe My Data Has Been Breached?

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

What Happens to Your Data in a Data Breach?

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

How Should I Respond to a Data Breach Notification?

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

What Evidence is Needed for a Data Breach Claim?

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Can a Company Be Sued for a Data Breach?

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

What is the Average Settlement in a Data Breach Lawsuit?

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.