IKRON Data Breach

IKRON recently disclosed a cybersecurity incident affecting its network and operations. Unauthorized actors accessed employee and client records, including sensitive personal and health information.

IKRON’s Data Breach Investigation

On December 23, 2025, IKRON experienced a data security incident affecting its network. In February 2026, the company discovered that an unauthorized third party accessed certain servers and files, including internal documents and employment-related information for current and former employees.

On March 4, 2026, IKRON learned that a second unauthorized party infiltrated its network and gained access to an electronic health record environment used by IKRON. This access allowed the extraction of client health information, including protected health information and vocational service-related data.

IKRON conducted a comprehensive review of impacted files to identify individuals involved and the types of information compromised. This review is ongoing, and affected individuals are being notified.

The information accessed varies by individual. Across impacted populations, personal data may include:

• Name, address, date of birth, Social Security number, driver’s license number
• Medical record number, health insurance information, clinical information (diagnoses, medical history, treatment plans, clinical notes, appointment and billing information)
• Program participation, service records, employment or vocational information, education or work history, limited medication or disability-related information

IKRON promptly reported the incidents to law enforcement, isolated affected systems, disabled compromised accounts, reset passwords, assessed devices, deployed endpoint tools, and enhanced security monitoring. Third-party cybersecurity experts were engaged for forensic investigation and remediation.

When Did This Breach Occur?

• First Incident: December 23, 2025
• Second Incident: March 4, 2026
• Incident Discovery: February and March 2026
• Type of Incident: Unauthorized access / hacking of network and electronic health record environment

What Information Was Breached?

The potentially compromised data may include:

• Employee information: name, address, date of birth, Social Security number, driver’s license number
• Client health information: medical records, treatment plans, clinical notes, health insurance information
• Employment or vocational program information: service records, education/work history, disability-related information, limited medication information

What You Can Do

If you believe you were impacted:

• Enroll in IKRON’s 12-month complimentary credit monitoring service.
• Review account statements, medical records, and insurance statements for errors or suspicious activity.
• Monitor credit reports for unauthorized accounts or activity.
• Place a fraud alert or security freeze with the major credit bureaus.
• Report any suspected identity theft or fraud to financial institutions, law enforcement, and the Federal Trade Commission.

File a Data Breach Lawsuit Against IKRON

Affected individuals may have legal rights. Organizations maintaining sensitive employee and client information are expected to implement reasonable safeguards. Exposure of personal, health, and employment information may lead to identity theft, medical fraud, and other privacy harms.

A data breach lawsuit may seek compensation for loss of privacy, time spent monitoring accounts, out-of-pocket expenses, and other harms resulting from the incident.

Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.