Xsolis Data Breach Affects 1.4 Million Individuals
Healthcare technology company Xsolis disclosed a data breach impacting nearly 1.4 million individuals. The breach, stemming from a phishing attack in January 2026, exposed personal and protected health information including names, dates of birth, addresses, Social Security numbers, health insurance information, and medical treatment details.
Signal context
First seen: Jun 23, 2026
Last updated: Jun 26, 2026
Status: Public signal
Key points
- Nearly 1.4 million individuals were affected.
- The breach resulted from a targeted phishing attack in January 2026.
- Exposed data includes names, dates of birth, addresses, Social Security numbers, health insurance information, and medical treatment information.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Finance and Insurance
Likely country: Location not provided
Watch phishing, executive impersonation and account-takeover exposure.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data
- 19 signals in the same sector
- 93 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Xsolis Data Breach Affects 1.4 Million Individuals - SecurityWeekhttps://www.securityweek.com/xsolis-data-breach-affects-1-4-million-individuals/Public source from securityweek.com.
Xsolis breach exposes personal and health data of 1.4 million peoplehttps://www.scmagazine.com/brief/xsolis-breach-exposes-personal-and-health-data-of-1-4-million-peoplePublic source from scmagazine.com.
Related signals
Grouped by why the signal is relevant.
City of Aurora loses $1.1M in phone scam cyber attack
The City of Aurora lost approximately $1.1 million from city bank accounts after an employee fell victim to a phone-based social engineering scam. Attackers gained access to city bank account information and fraudulently transferred public funds.
Tejarat Bank Affected by Cyberattacks in Iran
Tejarat Bank was among three major Iranian banks affected by a wave of cyberattacks reported on June 23, 2026. The incident prompted a temporary nationwide suspension of card-based services to prevent unauthorized access. This follows an earlier wave of disruptions in mid-June.
Saderat Bank Affected by Cyberattacks in Iran
Saderat Bank was among three major Iranian banks affected by a wave of cyberattacks reported on June 23, 2026. The incident prompted a temporary nationwide suspension of card-based services to prevent unauthorized access. This follows an earlier wave of disruptions in mid-June.
Risk Strategies Data Breach Exposes Social Security Numbers and Medical Information
Risk Strategies (RSC Insurance Brokerage Inc.) disclosed a data breach involving sensitive personal and medical information. All affected individuals had their names and Social Security numbers exposed, and for some, medical information, medical records, and health, dental, or vision insurance details were also compromised. 47 Massachusetts residents were identified as affected.
Melli Bank Affected by Cyberattacks in Iran
Melli Bank was among three major Iranian banks affected by a wave of cyberattacks reported on June 23, 2026. The incident prompted a temporary nationwide suspension of card-based services to prevent unauthorized access. This follows an earlier wave of disruptions in mid-June.
London Hydro Discloses Data Breach Affecting Customer Information
Canadian electricity provider London Hydro announced a data breach that potentially impacted the personal and account information of its customers. The exposed data may include names, addresses, email addresses, phone numbers, account and billing numbers, service addresses, pricing plans, contract dates, and meter numbers. The utility became aware of suspicious activity on a customer account on June 18, 2026, and an investigation determined a system vulnerability was exploited. No financial or other sensitive information like dates of birth or government IDs were compromised.