Subscribe To Our Newsletter

This field is for validation purposes and should be left unchanged.

Operation PAR, Boley Centers Data Breach

Operation PAR, Boley Centers, and Eleos disclosed a data breach involving unauthorized network access from June 6–10, 2025. The investigation concluded in June 2026 that names and possibly additional personal information may have been affected. Individuals are encouraged to monitor accounts and take protective steps.

Operation PAR, Boley Centers
Date of Breach: June 6, 2025 to June 10, 2025
CAU logo

Who was affected:

Clients of Operation PAR, Boley Centers

Impacted Data:

First and last name

Operation PAR, Inc., Boley Centers, Inc., and PEMHS dba Eleos have jointly notified individuals of a cybersecurity incident involving unauthorized access to their network that may have exposed personal information. The organizations report that affected individuals may include patients and employees, and that credit monitoring services are being offered as a precaution while the investigation concluded that certain data may have been accessed or removed.

Operation PAR, Inc., Boley Centers, Inc., and PEMHS dba Eleos’s Data Breach Investigation

Operation PAR, Inc., Boley Centers, Inc., and PEMHS dba Eleos (collectively “the Organizations”) disclosed a cybersecurity incident involving unauthorized access to their network environment beginning on or about June 6, 2025. According to the notice, the organizations later discovered the intrusion on June 10, 2025 and immediately secured their systems while launching a full investigation.

Following discovery, the Organizations engaged external cybersecurity professionals to assist with forensic analysis and containment efforts. The investigation confirmed that unauthorized actor(s) accessed and potentially removed certain files from the network during the four-day window between June 6 and June 10, 2025.

After the technical investigation concluded, the organizations completed a detailed review of the affected data. On June 10, 2026, they determined that certain files may have contained personal information belonging to individuals associated with their services, including patients and employees.

The Organizations state that they have since strengthened their cybersecurity posture by implementing additional safeguards, enhancing internal controls, and improving monitoring systems. These steps are intended to reduce the likelihood of similar unauthorized access events in the future.

At this stage, the organizations have not reported evidence of confirmed identity theft or fraud resulting from the incident. However, they issued notice out of an abundance of caution, reflecting the standard practice in healthcare-related data incidents where sensitive personal information may have been exposed but misuse has not yet been identified.

Healthcare and behavioral health providers are frequent targets of cyberattacks due to the sensitivity of the data they maintain. Even limited exposure of names or identifying information can create downstream risks, including phishing attempts, identity theft, or fraudulent use of personal data when combined with other leaked information sources.

Because behavioral health organizations often handle deeply sensitive patient information, incidents like this can be especially concerning for affected individuals. Even when the disclosed data appears limited, the context of the organization’s services can heighten privacy expectations and the importance of data protection safeguards.

When Did This Breach Occur?

The notice states that unauthorized access to the Organizations’ network occurred between June 6, 2025 and June 10, 2025.

The intrusion was discovered on June 10, 2025, at which point the Organizations took steps to secure their systems and begin a forensic investigation.

The investigation and review of affected data were completed later, with a final determination made on June 10, 2026 regarding the individuals whose information may have been impacted.

This timeline reflects a common pattern in cybersecurity incidents where initial access occurs over a short window, but forensic review and notification processes extend significantly longer due to the complexity of data analysis and identification of affected individuals.

What Information Was Breached?

Based on the findings disclosed in the notice, the following categories of personal information may have been involved:

  • First and last name
  • Other personal information associated with individuals (partially redacted or unspecified in the notice excerpt)

The notice indicates that the impacted information included names and potentially additional personal data; however, the full list of exposed data elements is not fully specified in the provided disclosure.

Because the scope of additional information is not clearly defined in the publicly available notice excerpt, individuals should assume that their personal identifiers may be at risk and take appropriate precautionary measures.

Even exposure of basic identifying information can increase risk when combined with other datasets. In behavioral health contexts, the sensitivity of association alone can also create privacy concerns, particularly if communications or targeting attempts are made using inferred affiliation with healthcare services.

What You Can Do

If you received a notice from the Organizations or believe you may have been affected, it is important to take proactive steps to protect your personal information.

Start by monitoring your financial accounts and credit reports for any unfamiliar activity, including new accounts, unauthorized inquiries, or changes to personal information. Even if only limited data was exposed, attackers may attempt to use it in broader identity theft or phishing campaigns.

You should also remain alert for suspicious communications. Cybercriminals often exploit breach events to send emails, texts, or phone calls that appear legitimate but are designed to collect additional sensitive information. Do not provide personal details unless you can independently verify the source.

If credit monitoring services are offered, enrolling can help detect changes to your credit file and provide early warning of potential misuse. Additionally, consider placing a fraud alert or credit freeze with major credit bureaus to add further protection.

Finally, individuals should report any suspicious financial or medical activity promptly to the appropriate institution. Early detection can significantly reduce the impact of identity misuse.

File a Data Breach Lawsuit Against Operation PAR, Boley Centers, and Eleos

Organizations that collect and maintain sensitive personal information have a legal obligation to implement reasonable safeguards to protect that data. When unauthorized access occurs, affected individuals may have questions about whether those safeguards were sufficient and whether their personal information was properly protected.

Even when no fraud has been confirmed, individuals may still experience harm in the form of time spent reviewing accounts, enrolling in credit monitoring, and taking preventive steps to protect against identity theft. These impacts can be significant, particularly in cases involving healthcare or behavioral health providers.

If you received a notice from the Organizations, believe your personal information may have been impacted, or took protective actions as a result of this incident, you may have legal options available. Acting with others in similar situations may help bring clarity and accountability regarding how the incident occurred and how personal data was handled.

Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
Other Data Breaches
Date of Breach: April 24, 2026
Date of Breach: June 6, 2025 to June 10, 2025

Frequently Asked Questions

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.