UPDATED: January 20, 2026

Mercury Pharmacy Services Data Breach

On November 14, 2025, Mercury Pharmacy Services detected a data breach that may have exposed personal information like names, addresses, and prescription details. While the breach did not involve Social Security numbers or financial data, affected individuals should monitor their accounts for suspicious activity. If you were impacted, explore your options for joining a class action lawsuit.

Mercury Pharmacy Services

Date of Breach: November 14, 2025

Who was affected:

Clients of Mercury Pharmacy Services

Impacted Data:

Full names

Addresses

Prescription information

Mercury Pharmacy Services, a division of Guardian Pharmacy of Washington, LLC, recently discovered a data breach affecting sensitive personal information. Though the full scope of the breach remains uncertain, it involved unauthorized access to a portion of the company’s computer network between November 12, 2025, and November 14, 2025.

Mercury Pharmacy Services’ Data Breach Investigation

On November 14, 2025, Mercury Pharmacy Services identified suspicious activity within its network. Upon detection, the company immediately took action to secure its systems and initiated an investigation, enlisting the help of a third-party cybersecurity firm to analyze the situation. The investigation confirmed that an unauthorized individual had accessed a limited area of Mercury’s computer network and may have copied certain files during the breach.

The compromised data includes potentially sensitive personal information such as names, addresses, and prescription details, but the breach did not involve Social Security numbers, financial information, or health benefits data. Although Mercury could not confirm exactly what information was accessed or copied, the company issued notifications as a precautionary measure.

Mercury took swift action to notify impacted individuals and the media about the breach. As of January 13, 2026, the company posted substitute notices on its website and issued notifications to potentially affected individuals in Washington.

Mercury’s response to this breach includes implementing additional security measures and reviewing its data protection policies. While the company is unaware of any misuse of the exposed data, the incident has raised concerns about the vulnerability of patient information within healthcare-related networks.

When Did This Breach Occur?

The suspicious activity was detected on November 14, 2025.
The investigation confirmed unauthorized access between November 12, 2025, and November 14, 2025.
Notification to impacted individuals was provided on January 13, 2026.

What Information Was Breached?

The data potentially affected by this breach includes:

Full names
Addresses
Prescription information

Notably, the compromised data did not include:

Social Security numbers
Health benefits information
Financial account information

What You Can Do

If you believe you were impacted by the Mercury Pharmacy Services data breach, take the following steps to protect your personal information:

Monitor account statements: Review your financial records and health insurance accounts for any unusual activity.
Check Explanation of Benefits (EOB) forms: Ensure that there are no discrepancies in your healthcare services or claims.
Report suspicious activity: Contact the organization that issued any suspicious records to investigate and resolve any issues.
Stay vigilant: If you notice any unauthorized transactions or accounts opened in your name, take immediate action by reporting it to the institution.

While Mercury has not identified any misuse of the compromised data, it encourages all affected individuals to remain vigilant and safeguard their information. Mercury is also providing additional resources and guidance to help mitigate potential risks.

File a Data Breach Lawsuit Against Mercury Pharmacy Services

If you were notified about the Mercury Pharmacy Services data breach, or if you believe your data was exposed, you may be entitled to compensation. Data breaches involving personal health information can lead to identity theft, fraud, and long-term consequences for those affected.

Joining a class action lawsuit can provide an opportunity to hold Mercury accountable for the breach, and it may help victims recover damages related to credit monitoring, fraud protection, and other costs incurred due to the breach.

Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve received notice about this breach or discovered that you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

Other Data Breaches

Merkle Data Breach

Date of Breach: August 31, 2025

First Meridian Services Data Breach

Date of Breach: September 5, 2025

Anchor Industries Data Breach

Date of Breach: Not Specified

Frequently Asked Questions

What Should I Do If I Believe My Data Has Been Breached?

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

What Happens to Your Data in a Data Breach?

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

How Should I Respond to a Data Breach Notification?

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

What Evidence is Needed for a Data Breach Claim?

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Can a Company Be Sued for a Data Breach?

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

What is the Average Settlement in a Data Breach Lawsuit?

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.