Active breach tracker UT Disclosed December 30, 2025

Advantage Capital Holdings LLC Data Breach 2025: 26,343 Affected · Hacking/IT Incident · UT Health Plan. What To Do.

Advantage Capital Holdings LLC filed a HIPAA breach notification with the HHS Office for Civil Rights on December 30, 2025, reporting 26,343 individuals affected by a Hacking/IT Incident at a Network Server. The OCR portal classifies the covered entity as a Health Plan in Utah. Federman & Sherwood announced a class-action investigation on May 13, 2026.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Dec 30, 2025

Advantage Capital Holdings LLC reports the breach to HHS OCR — 26,343 affected, Hacking/IT Incident at a Network Server, covered entity classified as Health Plan in Utah.

May 13, 2026

Federman & Sherwood announces a class-action investigation into the incident, citing the OCR filing and describing the data exposed.

Data exposed

01

High-risk identity

Enables financial + identity theft

Social Security number

03

Contact & insurance

Phishing + targeted scams

Name Financial information Medical information Health insurance information Other sensitive personal information
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

Advantage Capital Holdings LLC reported a Hacking/IT Incident at a Network Server to the U.S. Department of Health and Human Services Office for Civil Rights on December 30, 2025, affecting 26,343 individuals. The OCR portal classifies the covered entity as a Health Plan in Utah. Advantage Capital Holdings, which does business as A-CAP, is an SEC-registered investment adviser and holding company that manages insurance and financial businesses; the Utah-based health-plan filing appears to relate to one of its affiliated insurance entities rather than the parent holding company itself. On May 13, 2026, the national consumer-protection law firm Federman & Sherwood announced a class-action investigation into the breach.

Timeline

  • December 30, 2025 — Advantage Capital Holdings LLC files with HHS OCR: 26,343 affected, Hacking/IT Incident at a Network Server, covered entity classified as a Utah Health Plan.
  • May 13, 2026 — Federman & Sherwood publishes notice of its class-action investigation, referencing the data categories at issue.

The intrusion window, the date the entity first detected the activity, and the date individual notification letters were mailed are not yet publicly disclosed in OCR or trade-press records. Categories of data named below come from the Federman & Sherwood investigation notice; the entity’s own substitute notice is the authoritative list for any individual recipient.

What was exposed

Per the Federman & Sherwood investigation announcement, the data elements potentially involved include:

  • Name.
  • Social Security number.
  • Financial information.
  • Medical information.
  • Health insurance information.
  • Other sensitive personal information.

Not every individual will have had every element exposed. Your specific notification letter, when it arrives, will list the precise data elements involved for you.

Who’s notifying you (Health Plan)

The OCR portal lists the covered entity as a Health Plan, so notifications will typically be sent by the health plan that holds your enrollment record, on its letterhead. Because Advantage Capital Holdings is a holding company that operates through subsidiary insurance and financial businesses, the letter you receive may carry the name of an affiliated health plan rather than “Advantage Capital Holdings LLC” itself.

Practically:

  • Read any letter referencing this incident carefully — it should identify the specific entity that holds your information, the data elements exposed, and any complimentary credit-monitoring offered.
  • If you have ever been enrolled in a Utah-based health plan affiliated with A-CAP, treat such a letter as legitimate until proven otherwise, then verify through the plan’s customer-service number printed on your insurance card.
  • Do not enter personal information into any sites that arrive via unsolicited email or text claiming to be the breach response.

Class-action posture

On May 13, 2026, Federman & Sherwood — a national consumer-protection firm that regularly brings breach class actions — announced it is investigating Advantage Capital Holdings LLC over the incident, examining whether the company implemented reasonable cybersecurity safeguards. The firm’s notice is an investigation announcement, not a filed complaint; no class action has been confirmed in the public record at the time of this writing, and no settlement exists. We will update this page if and when a complaint is filed or consolidated.

What to do

  • Read the letter carefully. It will identify which data elements were exposed for you specifically and how to enroll in any credit-monitoring the entity is offering.
  • Freeze your credit with Equifax, Experian, and TransUnion. It is free, takes about ten minutes per bureau, and is the most effective single step against new-account fraud given the SSN exposure indicated here.
  • Watch for medical-identity misuse. Because medical and health-insurance information was involved, scrutinize Explanation of Benefits statements from your insurer and flag any services or providers you do not recognize.
  • Rotate passwords and turn on multi-factor authentication on your email, bank, and benefits accounts as a precaution.
  • Verify communications. Phishing that references the entity name plus “data breach” is predictable. Confirm any enrollment link through the printed letter or the call-center number on your insurance card, not through email or SMS links.
  • Bookmark this page. We update it as the entity’s substitute notice, state attorney general filings, trade press, or court filings become available.

Sources

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.