Pdl Customer Breach Guide

The breach is likely to draw scrutiny from state attorneys general and federal regulators, particularly given PDL’s role as a data processor for other businesses. Class-action lawsuits have already been filed in the Northern District of California, alleging negligence and violation of data protection laws.

PDL Confirms Customer Data Breach: Sensitive Information Exposed pdl customer breach

The breach, which appears to have occurred in late March 2026, reportedly exposed sensitive personal information belonging to thousands of individuals, including names, physical addresses, phone numbers, email addresses, and in some cases, partial financial data. The breach is likely to draw scrutiny from

PDL is notifying affected customers via email and has set up a dedicated response portal. The company is offering 24 months of complimentary credit monitoring and identity theft restoration services through a third-party provider. PDL is notifying affected customers via email and

Additionally, PDL has reset passwords for all affected user accounts and is enforcing multi-factor authentication (MFA) for any account that accesses its data brokerage portal going forward.

According to a statement released by PDL’s security team on April 13, an unauthorized third party gained access to a legacy customer database using compromised administrative credentials. The company first detected unusual activity on April 10, but a forensic investigation later revealed that the attacker had maintained access for approximately two weeks.

This incident serves as a reminder that even non-healthcare data brokers remain attractive targets for cybercriminals, and that legacy systems with weak security controls pose ongoing risks to customer privacy.