DBR & Co recently disclosed a cybersecurity incident involving unauthorized access to its network. The breach affected 2,806 individuals and may have exposed sensitive personal information, including names and other confidential data maintained by the company.
DBR & Co’s Data Breach Investigation
DBR & Co recently notified affected individuals of a data security incident involving unauthorized access to its network environment. According to the company’s notification letter, DBR & Co learned on or about November 11, 2025, that an unauthorized individual may have gained access to its network. Upon discovering the incident, the company immediately secured its systems and launched a comprehensive investigation with the assistance of external cybersecurity professionals.
The investigation sought to determine the nature and scope of the unauthorized access and whether any personal information may have been affected. Following an extensive forensic review and document analysis, DBR & Co determined on April 9, 2026, that a limited amount of personal information may have been subject to unauthorized acquisition between November 11 and November 12, 2025.
Regulatory disclosures indicate that the incident affected 2,806 individuals, including one Maine resident. The breach was categorized as “Other” rather than a traditional hacking classification, although the company reported that an unauthorized individual may have gained access to its network. The breach was reportedly discovered on May 13, 2026, following the company’s investigation and review process.
According to the notification materials, the potentially exposed information included individuals’ full names along with additional personal information specific to each affected person. The notice uses individualized data fields because the precise categories of exposed information vary by recipient. The filing indicates that personal information was acquired without authorization, creating potential risks associated with identity theft, fraud, and misuse of sensitive information.
DBR & Co stated that it has no evidence of financial fraud or identity theft resulting from the incident. Nevertheless, the company is offering complimentary identity monitoring services through Kroll. These services include credit monitoring, fraud consultation, and identity theft restoration assistance. The company also provided guidance regarding fraud alerts, security freezes, credit monitoring, and other identity protection measures.
As part of its response, DBR & Co reported that it secured its network, conducted a thorough investigation, and continued implementing measures designed to strengthen the protection of personal information. The company emphasized its ongoing commitment to maintaining the privacy and security of the information entrusted to it.
Data breaches involving personal information can create long-term concerns for consumers. Even when misuse has not been identified, affected individuals may spend significant time monitoring financial accounts, reviewing credit reports, and taking steps to protect their identities. Individuals who receive notification from DBR & Co may wish to stay informed about the incident and learn more about their legal rights.
When Did This Breach Occur?
According to available information regarding the incident:
- Date Breach Occurred: November 11, 2025
- Unauthorized Access Window: November 11–12, 2025
- Date Breach Discovered: May 13, 2026
- Individuals Affected: 2,806
- Maine Residents Affected: 1
- Type of Incident: Other
DBR & Co reported that an unauthorized individual may have gained access to its network during the affected period.
What Information Was Breached?
According to the notification materials, the potentially exposed information included:
- Full name
- Other personal information specific to the affected individual
The notice indicates that exposed data elements varied by recipient. Individuals should review their notification letter carefully to determine exactly what information may have been involved in their case.
What You Can Do
If you received a notification from DBR & Co, consider taking the following precautions:
- Enroll in the complimentary Kroll identity monitoring services.
- Review financial account statements and credit reports regularly.
- Consider placing a fraud alert or security freeze on your credit file.
- Monitor for signs of identity theft or unauthorized account activity.
- Keep records of any suspicious transactions or communications.
- Remain vigilant against phishing emails and fraud attempts.
Consumers affected by a data breach may also wish to learn more about their legal rights and determine whether compensation may be available for harms related to the exposure of personal information.
File a Data Breach Lawsuit Against DBR & Co
If you received a data breach notification from DBR & Co, you may have legal rights. Organizations that collect and maintain personal information are expected to implement reasonable safeguards to protect that data from unauthorized access. When personal information is exposed, affected individuals may face risks including identity theft, fraud, privacy violations, and the costs associated with monitoring and protecting their identities.
A data breach lawsuit may seek compensation for loss of privacy, out-of-pocket expenses, time spent responding to the incident, identity theft risks, and other damages associated with the exposure of personal information.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
