Migliaccio & Rathod LLP is involved in the CPAP Medical Supplies and Services Inc. data breach investigation that impacted 90,133 individuals and their sensitive, private information.

Between December 13, 2024, and December 21, 2024, an unauthorized actor accessed the cyber environment of CPAP Medical Supplies and Services Inc., wherein files containing identifiable protected health and personal information may have been accessed or downloaded without authorization. CPAP Medical Supplies and Services Inc. conducted an investigation of the potentially affected records and systems. Through that subsequent investigation, which concluded on June 27, 2025, CPAP Medical Supplies and Services Inc. determined that that hackers were able to compromise a significant amount of personal information. CPAP Medical Supplies and Services Inc. did not notify consumers of the data breach until August 15, 2025. The compromised information includes a variety of highly sensitive details including:

names,
personally identifiable information,
protected health information

The CPAP Medical Supplies and Services Inc. Data Breach Investigation

CPAP Medical Supplies and Services Inc. informed the Maine State Attorney General’s office of the breach, where a copy of the consumer notification letter can be found. All of the information stolen is likely valuable and dangerous to affected victims. As is likely to be the case with the CPAP Medical Supplies and Services Inc. data breach, in previous data breaches, victims of data theft have noticed identity theft attempts ranging from fraudulent charges on bank accounts or credit cards, to unauthorized credit card applications, to medical services or government services ordered in their name, to their information being posted on the dark web, to a massive uptick in the number of spam text messages, calls and emails received.

Are you a CPAP Medical Supplies and Services Inc. customer concerned that you might be affected by this breach?

If you have concerns that you have been affected by this breach, we would like to hear from you. Please complete the contact form on this page, send us an email at [email protected], or give us a call at (202) 470-3520.

The following will ask for your contact information so that we may reach you to talk about potential claims. This information is for our records only and will not be shared. By continuing, you consent to the collection of this information for these limited purposes.

Your name Your phone number Your email State of Residence Which data breach are you contacting us about?
Did you receive a notification that you were affected by the data breach?

Did you suffer harm after the data breach that was possibly related to the breach?

If yes, what kind of harm? Select all that apply.

Someone opened an account in your nameAttempted use of Social Security numberPaid money out-of-pocket for credit monitoringLost time spent dealing with the breachUnauthorized charges on a credit or banking accountOther

Would you like to join our newsletter to receive notifications about other investigations we're looking into, as well as updates on ongoing cases?

The lawyers at Migliaccio & Rathod LLP have years of experience in class action litigation against large corporations, including in cases involving data breaches such as this. More information about our current cases and investigations is available on our blog.

Office of the Maine AG notification

Consumer Data Breach Notification Letter

Data Breach FAQ

I received a notice that my information may have been involved in a data breach. What should I do?
Take the notification seriously and read it carefully. It should outline what specific information was affected (e.g., name, Social Security number, legal case data). Even if you believe your risk is minimal, it’s best to take proactive steps to protect yourself.

What immediate actions should I take?

Monitor your financial accounts – Regularly check your bank, credit card, and online accounts for unauthorized transactions.
Change your passwords – Update passwords for any accounts that may be connected to the breach. Avoid reusing old or similar passwords. Use a password manager if needed.
Set up two-factor authentication (2FA) – Enable 2FA on your email, banking, and other sensitive accounts to add an extra layer of protection.
Place a fraud alert or credit freeze – Contact one of the three major credit bureaus (Equifax, Experian, TransUnion) to place a fraud alert or freeze your credit report. This makes it harder for someone to open new accounts in your name.

What is credit monitoring, and should I use it?
Credit monitoring tracks your credit report for changes or suspicious activity. If the organization that was breached offers this service for free, it’s highly recommended you enroll. These services can alert you quickly to potential fraud.

How long do I need to stay vigilant?
The effects of a data breach can surface months or even years later. Stay alert to signs of identity theft for at least 12–24 months. Keep an eye on your credit reports, mail, and any unfamiliar account activity.

Who can I contact if I need help?
Use the contact details provided in the breach notification. You can also report identity theft to the Federal Trade Commission at www.identitytheft.gov for recovery resources.