Evoke Wellness at Cohasset (MCAT) recently disclosed a data security incident in which unauthorized access to sensitive patient information may have occurred. The breach involved the exposure of personal details, including Social Security numbers and credit card information.
Evoke Wellness at Cohasset’s Data Breach Investigation
Evoke Wellness at Cohasset, known as MCAT, became aware of suspicious activity within its network on August 7, 2025. Upon discovering this unauthorized activity, MCAT immediately initiated an investigation to determine the cause and scope of the incident. The investigation found that certain patient information may have been accessed without authorization during this time period.
The breach led to the potential exposure of personal and sensitive data, including names, Social Security numbers, driver’s licenses, and credit card information. The findings of the investigation confirmed that unauthorized access took place, and MCAT has notified all affected individuals about the breach.
The investigation and review were completed by January 30, 2026, and the list of impacted individuals was finalized. While MCAT has not confirmed that the exposed information was misused, the nature of the exposed data raises significant concerns about the risks of identity theft and fraud.
As part of its response, MCAT is offering affected individuals access to Single Bureau Credit Monitoring, Single Bureau Credit Report, and Single Bureau Credit Score services at no charge for 24 months. These services are designed to alert individuals of any changes to their credit file and provide proactive fraud assistance. These services will be provided by Cyberscout, a TransUnion company specializing in fraud prevention and identity restoration.
Although MCAT has acted swiftly to address the incident, those impacted may still face potential risks related to the misuse of their personal and financial information.
When Did This Breach Occur?
According to MCAT’s disclosure:
-
Date(s) the Breach Occurred: August 7, 2025 – January 30, 2026 (investigation and final list completion)
-
Date the Breach Was Discovered: August 7, 2025
The breach was identified in August 2025, and MCAT completed its investigation by January 30, 2026.
What Information Was Breached?
The types of information that may have been exposed during the breach include:
-
Full name
-
Address
-
Date of birth
-
Social Security number
-
Driver’s license
-
Credit card information
The specific information involved varied by individual, but the data exposed is particularly concerning due to the inclusion of financial and identifying details.
What You Can Do
If you received a notification from Evoke Wellness at Cohasset (MCAT), here are some steps you can take to protect yourself:
-
Enroll in the complimentary credit monitoring services offered through Cyberscout. You must sign up within 90 days of receiving the notice to take advantage of the free services.
-
Monitor your financial accounts and transaction history for unauthorized activity.
-
Place a fraud alert or security freeze on your credit file by contacting the major credit bureaus (Equifax, Experian, and TransUnion).
-
Review your credit reports regularly for any unfamiliar accounts or credit inquiries.
-
Remain cautious of phishing emails or phone calls requesting personal or financial information.
Even if there is no immediate evidence of fraud, exposed Social Security numbers and financial account details can result in identity theft or fraudulent activity long after the breach has occurred. Monitoring your accounts proactively is key to minimizing potential damage.
You may also want to explore your legal options. Many individuals do not realize that they may qualify to participate in a class action lawsuit following a data breach. If you believe your information has been exposed, it may be beneficial to learn about the potential for compensation and legal recourse.
File a Data Breach Lawsuit Against Evoke Wellness at Cohasset
If you received notice that your personal information was involved in the MCAT data breach, you may have the right to pursue legal action.
Data breach lawsuits seek to hold organizations accountable when they fail to protect sensitive personal data. Compensation in these cases may include reimbursement for financial losses, credit monitoring expenses, identity restoration costs, and other damages caused by the exposure of your information.
You do not have to face this situation alone. Understanding your legal rights can help you determine whether you qualify to join a class action lawsuit and seek compensation for the risks posed by this incident.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team
