UPDATED: May 29, 2026

Ermi Data Breach

Ermi experienced a data breach impacting employee emails and potentially exposing names, Social Security numbers, medical and financial information. Individuals affected should monitor accounts, secure their credit, and consider joining a class action lawsuit through Class Action U to seek compensation.

Ermi

Date of Breach: July 25, 2025

Who was affected:

Clients of Ermi

Impacted Data:

Names

Social Security numbers

Driver’s license numbers

Financial information

Medical information

Health insurance information

Dates of birth

Ermi, a medical device company, experienced a data breach affecting employee email accounts. Sensitive personal and medical information may have been exposed, including Social Security numbers, financial details, and health information. Individuals affected are encouraged to explore legal options for compensation.

Ermi’s Data Breach Investigation

Ermi, a company specializing in medical devices to assist patients with motion loss, recently disclosed a significant data breach. The breach involved unauthorized access to employee email accounts, raising serious concerns about the security of both employee and patient information. As part of the company’s investigation, Ermi worked to identify the scope and impact of the unauthorized access.

The initial detection of suspicious activity occurred around July 25, 2025. Following this, Ermi conducted a thorough internal investigation and discovered that the breach had begun much earlier, from approximately February 15, 2025, and lasted until August 14, 2025. This investigation was comprehensive, covering all potentially affected systems, accounts, and data storage methods. By April 17, 2026, Ermi identified that certain files containing personal information may have been compromised.

In compliance with legal reporting requirements, Ermi submitted a detailed report to the Texas Attorney General’s Office. The report revealed that personal and sensitive data—including names, Social Security numbers, driver’s license numbers, financial records, medical information, health insurance details, and dates of birth—may have been exposed to unauthorized parties.

Ermi’s breach underscores the increasing vulnerability of employee email accounts, which often contain extensive personal and organizational information. Medical device companies like Ermi are entrusted with highly sensitive patient data, and breaches can have both immediate and long-term consequences for affected individuals.

Regulators, cybersecurity experts, and legal professionals stress the importance of swift response measures. Ermi reportedly began notifying impacted individuals and offered guidance on mitigating risks. However, many individuals may remain unaware of the exposure, highlighting the need for ongoing vigilance. Experts encourage anyone who may have received a breach notification or suspects exposure to act quickly to protect their information and consider joining legal efforts to hold Ermi accountable.

When Did This Breach Occur?

The Ermi data breach occurred between approximately February 15 and August 14, 2025, with the company becoming aware of unauthorized activity around July 25, 2025.

What Information Was Breached?

Names
Social Security numbers
Driver’s license numbers
Financial information
Medical information
Health insurance information
Dates of birth

What You Can Do

If your information was compromised in the Ermi data breach, there are several important steps you can take to protect yourself:

Monitor accounts: Check bank, credit card, and other financial statements for unusual activity.
Consider a credit freeze or fraud alert: This prevents new accounts from being opened in your name without authorization.
Review medical and insurance records: Watch for errors or fraudulent activity on claims or coverage.
Document expenses and losses: Keep records of time spent dealing with the breach, any out-of-pocket costs, and related issues.
Seek legal guidance: Contact Class Action U to determine if you may be eligible to participate in a class action lawsuit for compensation.

Taking action early helps mitigate potential identity theft or financial harm and strengthens any potential legal claims.

File a Data Breach Lawsuit Against Ermi

Individuals affected by the Ermi data breach may be entitled to compensation for privacy violations, lost time, out-of-pocket expenses, and other damages. Filing a class action lawsuit can also push Ermi to improve their security protocols and prevent future breaches.

Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

Other Data Breaches

Blue Teal Holdings Data Breach

Date of Breach: October 13, 2025

Acadia Healthcare Data Breach

Date of Breach: March 25, 2026

Industrial Acceptance Corporation Data Breach

Date of Breach: May 11, 2026

Frequently Asked Questions

What Should I Do If I Believe My Data Has Been Breached?

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

What Happens to Your Data in a Data Breach?

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

How Should I Respond to a Data Breach Notification?

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

What Evidence is Needed for a Data Breach Claim?

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Can a Company Be Sued for a Data Breach?

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

What is the Average Settlement in a Data Breach Lawsuit?

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.