Victory Disability and Madison Healthcare Services Report Data Breaches
Post Summary
Two organizations, Victory Disability and Madison Healthcare Services, have recently disclosed data breaches that exposed sensitive information. The incidents, which occurred in late 2025 and the summer of 2025, respectively, highlight ongoing cybersecurity risks across industries.
Breach at Victory Disability
Victory Disability, a Pennsylvania-based law firm specializing in assisting veterans with Social Security and disability claims, reported a data breach after discovering in November 2025 that an unauthorized party had accessed its network. According to the investigation, the breach occurred between October 27, 2025, and November 12, 2025. During this time, sensitive client data was exposed and potentially obtained by the attacker.
The compromised information included names, addresses, telephone numbers, email addresses, and Social Security numbers. Additionally, for some individuals, information such as dates of birth, diagnoses, treatment details, lab results, and medication information was also exposed. The specific data varied depending on the information shared with the firm in connection with claims.
Victory Disability worked with third-party digital forensics specialists to investigate the incident and has taken measures to monitor dark web forums and marketplaces for any release of the stolen data. "At the time of issuing notifications, no evidence had been found to indicate any of the affected data had been posted on the clear or dark web", the firm stated.
To mitigate risks to affected individuals, Victory Disability is providing complimentary credit monitoring and identity theft protection services for 24 months. The breach has been reported to regulators, though the number of impacted individuals has not yet been disclosed.
sbb-itb-535baee
Madison Healthcare Services Targeted by Cyberattack
Minnesota-based healthcare provider Madison Healthcare Services has also disclosed a cybersecurity incident involving unauthorized access to patient data. The breach, which occurred between July 2025 and August 2025, was detected after suspicious network activity was identified.
An ongoing investigation has yet to determine the exact number of individuals affected or the specific types of data involved. However, Madison Healthcare has reported the incident to the HHS Office for Civil Rights using a placeholder figure of at least 500 individuals. The final number will be updated following the completion of the file review, and affected individuals will be notified by mail.
The Worldleaks threat group has claimed responsibility for the attack, stating that it published the stolen data on its dark web leak site in September after the healthcare provider did not pay a ransom.
In the meantime, Madison Healthcare has urged its patients to remain vigilant against potential identity theft and fraud.
Cybersecurity Concerns on the Rise
These recent disclosures from Victory Disability and Madison Healthcare Services underscore the growing threat of cyberattacks targeting organizations that handle sensitive personal and medical information. Both incidents illustrate the importance of robust cybersecurity measures and the need for organizations to remain vigilant in safeguarding their networks and data. As investigations continue, affected individuals are encouraged to take proactive steps to protect themselves from potential misuse of their data.
