Liberty Resources, Inc. Data Breach 2025: 103,711 Affected by Rhysida Ransomware. Behavioral Health, SUD, and Foster Care Nonprofit. What To Do
Liberty Resources, Inc., a Syracuse, NY-based community behavioral health, substance-use disorder, foster care, and disability-services nonprofit, filed a HIPAA breach notification with HHS OCR on March 4, 2025, reporting 103,711 affected individuals in a Hacking/IT Incident at a network server. The Rhysida ransomware group claimed responsibility on its dark-web leak site, threatening to publish 665 GB of allegedly stolen data containing 885,433 files. Plaintiff firms opened investigations in late 2025.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Jul 8, 2024
Unauthorized third-party access to Liberty Resources' network environment began
Jul 22, 2024
Liberty Resources identified the security incident and engaged outside forensic counsel
Aug 15, 2024
Rhysida ransomware group publicly listed Liberty Resources on its dark-web leak site, threatening to publish 665 GB / 885,433 files
Mar 4, 2025
Liberty Resources filed a Hacking/IT Incident report with HHS OCR (103,711 affected; network server)
Sep 25, 2025
Liberty Resources' forensic review determined which individuals' files contained personal information and/or protected health information, completing the scope assessment
Nov 21, 2025
Liberty Resources began mailing individual notification letters and filing with state attorneys general in at least 14 states including Texas (355 residents), Massachusetts (27 residents), California, Iowa, Maine, Montana, Nebraska, New Hampshire, Oregon, Rhode Island, South Carolina, Vermont, and Washington
Dec 3, 2025
Lynch Carpenter, Strauss Borrelli, Barnow, and other plaintiff firms publicly announced class-action investigations
Jul 8, 2024
Unauthorized third-party access to Liberty Resources' network environment began
Jul 22, 2024
Liberty Resources identified the security incident and engaged outside forensic counsel
Aug 15, 2024
Rhysida ransomware group publicly listed Liberty Resources on its dark-web leak site, threatening to publish 665 GB / 885,433 files
Mar 4, 2025
Liberty Resources filed a Hacking/IT Incident report with HHS OCR (103,711 affected; network server)
Sep 25, 2025
Liberty Resources' forensic review determined which individuals' files contained personal information and/or protected health information, completing the scope assessment
Nov 21, 2025
Liberty Resources began mailing individual notification letters and filing with state attorneys general in at least 14 states including Texas (355 residents), Massachusetts (27 residents), California, Iowa, Maine, Montana, Nebraska, New Hampshire, Oregon, Rhode Island, South Carolina, Vermont, and Washington
Dec 3, 2025
Lynch Carpenter, Strauss Borrelli, Barnow, and other plaintiff firms publicly announced class-action investigations
Data exposed
01
High-risk identity
Enables financial + identity theft
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Liberty Resources, Inc. is a Syracuse-based New York nonprofit founded in 1979 that operates a broad service mix spanning community behavioral health, substance-use disorder treatment, primary care, therapeutic foster care, child and family services, early childhood programs, disability supports, and supportive housing. The 103,711-record dataset that the Rhysida ransomware group exfiltrated in July 2024 reflects that breadth: the affected population includes adults in mental health and SUD treatment, families in the foster-care and child-welfare system, and individuals receiving disability and housing services.
Timeline
- July 8, 2024. Unauthorized third-party access to Liberty Resources’ network environment begins.
- July 22, 2024. Liberty Resources identifies the security incident and engages outside forensic counsel.
- August 15, 2024. The Rhysida ransomware group publicly lists Liberty Resources on its dark-web leak site, claiming to have stolen 665 GB of data containing 885,433 files and threatening to publish or sell the dataset within a week.
- March 4, 2025. Liberty Resources files a Hacking/IT Incident report with HHS OCR reporting 103,711 affected individuals. The event is categorized as a breach of a network server.
- September 25, 2025. Following a thorough forensic investigation and extensive manual document review, Liberty Resources determines which specific individuals’ files contained personal information and protected health information. This scope-determination date is the trigger for the individual notification clock.
- November 21, 2025. Liberty Resources begins mailing individual notification letters and publishes substitute-notice content. State attorney general filings follow in at least 14 states: Texas (355 residents), Massachusetts (27 residents), California, Iowa, Maine, Montana, Nebraska, New Hampshire, Oregon, Rhode Island, South Carolina, Vermont, Washington, and others.
- December 3, 2025. Lynch Carpenter, LLP, Strauss Borrelli PLLC, Barnow and Associates, P.C., and other plaintiff firms publicly announce class-action investigations. ClassAction.org’s affiliated attorneys open a parallel investigation, later marked complete as of early 2026 after internal evaluation.
What was exposed
Based on Liberty Resources’ substitute notice and the state attorney general filings (notably the Texas filing, which requires more granular disclosure than the OCR portal), the exposed dataset includes:
- Full name and address
- Date of birth
- Social Security number
- Driver’s license or government-issued ID number
- Medical information
- Health insurance information
- Certain financial information
Rhysida’s leak-site listing claimed 665 GB across 885,433 files, a volume consistent with bulk exfiltration from clinical, case-management, and back-office systems rather than a narrow file-share compromise. Independent reporting from HIPAA Journal corroborates the attribution and the volume.
The harm shape here is full-profile identity fraud (SSN plus government ID plus date of birth plus financial fields) layered on top of clinical and case-management records. For a meaningful share of the population, those records describe psychiatric care, substance-use treatment, foster placements, and disability services.
Sensitive-population considerations
Liberty Resources’ service mix creates two distinct privacy-harm layers beyond standard PHI exposure.
42 CFR Part 2 likely applies to a portion of the dataset. Part 2 is the federal confidentiality rule governing substance-use disorder treatment records held by federally assisted programs. Its protections are stricter than HIPAA: redisclosure without specific written consent is generally prohibited, and Part 2 records have historically carried heightened stigma and legal exposure in employment, family court, and professional licensing contexts. Liberty Resources operates SUD treatment programs of the type that are commonly federally assisted within the meaning of Part 2, though whether any specific program meets the definition is a fact-specific determination this page does not attempt. We flag the rule because affected individuals whose records describe SUD treatment may have rights and remedies their HIPAA-framed notification letter does not spell out.
The foster-care and child-welfare slice involves minors. A material portion of Liberty Resources’ caseload is children in therapeutic foster care, kinship placements, and early-childhood programs. Records of minors involved in the child-welfare system are doubly sensitive. New York Social Services Law and federal child-welfare confidentiality rules restrict disclosure of foster-care identifying information beyond what HIPAA otherwise governs, and the long-tail identity-theft risk for a child whose SSN is exposed before they have any credit history is materially higher than for an adult. Parents, guardians, and former foster youth on the affected list should freeze the affected child’s credit (a free service available at all three bureaus for minors) rather than rely solely on adult-style monitoring.
Class-action posture
As of this page’s lastUpdated date, no consolidated complaint or specific docket number has been publicly confirmed against Liberty Resources, Inc. in the U.S. District Court for the Northern District of New York or in New York state court. Plaintiff firms including Lynch Carpenter, LLP, Strauss Borrelli PLLC, Barnow and Associates, P.C., and EKSM opened investigations beginning November 2025. The ClassAction.org affiliated attorneys’ investigation is marked complete as of early 2026, indicating their internal evaluation phase concluded. That status does not mean a suit was filed or declined; it means they stopped actively soliciting clients for that investigation. Any individual who received a notification letter should consult counsel independently, as statutes of limitations apply.
The Rhysida attribution, the 665 GB leak-site posting, and the SSN-plus-government-ID-plus-clinical-data combination track closely with the fact patterns of other Rhysida-linked human-services nonprofit cases that have produced class settlements at comparable scale. A class filing in N.D.N.Y. or New York Supreme Court (Onondaga County) is likely once a named plaintiff is identified.
On the regulatory side, the breach remains listed on the HHS Office for Civil Rights portal as a Hacking/IT Incident at a network server. No public OCR enforcement resolution has been announced.
What to do
This week:
- Place a free credit freeze with Equifax, Experian, and TransUnion. This is the single highest-leverage protection against new-account fraud opened with your Social Security number and government-ID number, and it is independent of any monitoring Liberty Resources offered.
- Freeze your minor’s credit if your child was a Liberty Resources foster-care, early-childhood, or therapeutic-services client. Minor freezes are free at all three bureaus and require a separate written request with proof of guardianship.
- Enroll in any complimentary identity-theft protection Liberty Resources offered in your individual notification letter. The notification provides 12 months of credit and CyberScan monitoring through IDX, a $1 million insurance reimbursement policy, and fully managed identity-theft recovery services. To enroll, use the enrollment code in your mailed letter, or call IDX directly at 1-866-364-2383 (Monday through Friday, 9 a.m. to 9 p.m. Eastern). Do not let the enrollment window lapse.
- File IRS Form 14039 (Identity Theft Affidavit) to block a fraudulent tax return being filed under your SSN.
This month:
- Review Explanation of Benefits statements from your insurer for services you did not receive. Medical identity theft typically surfaces in EOBs weeks or months after the underlying fraud.
- Know your 42 CFR Part 2 rights. If your Liberty Resources services included substance-use disorder treatment, the redisclosure rules and remedies under Part 2 are stricter than the HIPAA defaults your notification letter describes. Consult counsel before signing any release that authorizes further disclosure of those records.
- Stop the ongoing flow of your health data. HealthConsent files HIPAA restriction requests and Health Information Exchange opt-outs across providers, insurers, HIEs, and prescription networks, so the demographic and insurance information exposed in this breach is not continuously re-shared and resold by other entities downstream.
- Watch for follow-on letters. Affiliated billing vendors, Medicaid Managed Care plans, and downstream programs may issue their own notifications referencing this same incident.
This page is a summary maintained by HealthConsent and was last cross-referenced against HIPAA Journal, the HHS OCR breach portal, plaintiff-firm investigation notices, and Liberty Resources’ substitute notice on the date listed in lastUpdated.
Sources
- HIPAA Journal: Liberty Resources Announces July 2024 Data Breach
- ClassAction.org: Liberty Resources Data Breach Exposes SSNs, Medical Info, More
- Strauss Borrelli PLLC: Liberty Resources Data Breach Investigation
- Lynch Carpenter (via GlobeNewswire): Liberty Resources Data Breach Claims Investigated
- Barnow and Associates, P.C.: Liberty Resources Data Breach Investigation
- ClaimDepot: Liberty Resources Data Breach Exposes Patient Social Security Numbers
- EKSM: Liberty Resources Announces Data Breach
- ClaimDepot: Liberty Resources Data Breach — State AG Filing List and Scope Timeline
- Liberty Resources Notification Letter (hosted by ClassAction.org)
- HHS Office for Civil Rights Breach Portal
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HIPAA Journal: Liberty Resources Announces July 2024 Data Breach
- ClassAction.org: Liberty Resources Data Breach Exposes SSNs, Medical Info, More
- Strauss Borrelli PLLC: Liberty Resources Data Breach Investigation
- Lynch Carpenter (via GlobeNewswire): Liberty Resources Data Breach Claims Investigated
- Barnow and Associates, P.C.: Liberty Resources Data Breach Investigation
- ClaimDepot: Liberty Resources Data Breach Exposes Patient Social Security Numbers
- EKSM: Liberty Resources Announces Data Breach
- ClaimDepot: Liberty Resources Data Breach — State AG Filing List and Scope Timeline
- Liberty Resources Notification Letter (hosted by ClassAction.org)
- HHS Office for Civil Rights Breach Portal
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.