MCBS, LLC 2025 Data Breach

MCBS LLC Healthcare Business Services Breach (2025): 6.6 Million Records Including SSN & Home Address Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

PEAR · Medical · Email Address · Full Name · Phone Number · Physical Address · Social Security Number
High Severity · Website / service breach

Georgia-based medical billing and practice management services firm serving healthcare providers

Verified by ObscureIQ Intelligence
Breach Risk Index: 82/100
Data Value: 33
Market Recency: 40
Since Breach: 188d

Breach Intelligence Summary

Entity: MCBS, LLC · Actor: PEAR · Sources: 2 references
Attack: Unknown
Profile: Company · Healthcare revenue cycle and practice management services · Medical billing, coding, accounts receivable, and administrative support provider · USA
Timeline: Breach (2025-09-25) · Indexed (Oct 21, 2025) · Year (2025)
Exposure: 6.6M records · 5 fields: Email Address, Full Name, Phone Number, Physical Address, Social Security Number
Status: Reported

Executive Summary

MCBS, LLC, a Georgia-based medical billing and practice management firm, was hit by a ransomware attack carried out by the threat group PEAR in September 2025. The attack exposed approximately 6.6 million records. Because MCBS processes billing and administrative data on behalf of healthcare providers across the United States, the affected individuals are largely patients whose information was held by MCBS as part of its revenue cycle management services.

The exposed data includes names, home addresses, email addresses, phone numbers, and Social Security numbers. This combination is particularly dangerous. Social Security numbers can be used to open fraudulent credit accounts, file false tax returns, and commit medical identity fraud, where an attacker uses a victim's identity to obtain healthcare services or insurance reimbursements. The healthcare context of this breach makes victims especially vulnerable to impersonation and insurance abuse, as well as phishing attempts that use accurate personal and medical details to appear credible.

A class action lawsuit, Neff v. MCBS, LLC, was filed in the Southern District of Georgia in October 2025, alleging the company failed to adequately secure sensitive information. MCBS moved to dismiss the case in December 2025, arguing plaintiffs had not demonstrated actual harm. No settlement or further regulatory action had been publicly documented as of early 2026.

Affected individuals should monitor their credit reports, consider placing a credit freeze with the three major bureaus, and remain alert to unsolicited contact referencing their healthcare or insurance information.

ObscureIQ assessment: Exposure from this type of medical billing dataset can enable identity theft, medical identity fraud, insurance abuse, patient impersonation, targeted phishing, and highly credible social engineering against both patients and providers. The reported inclusion of Social Security numbers, contact data, and potential medical information makes the breach especially dangerous because attackers can combine financial identity abuse with healthcare-themed fraud and long-tail extortion or doxxing risk.

Breach Impact

In September 2025 MCBS, LLC suffered a ransomware attack carried out by the PEAR group, exposing approximately 6.6 million records including names, email addresses, phone numbers, home addresses, and Social Security numbers. Because MCBS processes patient billing data on behalf of healthcare providers, the exposed records represent patient information from across its provider network rather than the company's own direct customers. A class-action lawsuit, Neff v. MCBS, LLC, was filed in October 2025 alleging cybersecurity negligence. MCBS notified affected individuals and reported the incident to regulators. No settlement or further regulatory action has been widely documented in public sources as of early 2026.

About MCBS, LLC

MCBS, LLC is a Georgia-based medical billing and practice management services firm providing revenue cycle management, coding, accounts receivable, and related administrative services to healthcare providers. The company operates as a business associate under HIPAA, processing patient financial and administrative data on behalf of its provider clients. It serves a substantial number of healthcare practices and facilities across the United States.

Why They Hold Your Data

A medical billing and practice management firm like MCBS typically handles patient identity data, contact details, insurance and claims information, billing records, account balances, clinical-adjacent administrative data, and internal provider operations data as part of revenue cycle management, coding, payment processing, and compliance support workflows. Because it works on behalf of healthcare providers, its systems can also contain especially sensitive patient-linked identifiers used to process claims and manage accounts across multiple practices.

Recent Developments

MCBS, LLC does not maintain a significant public profile beyond its service offering. No major organizational changes have been prominently reported in public sources in the period prior to the 2025 breach.

Data Points Exposed

5 verified field types
  • Email Address
  • Full Name (High)
  • Phone Number
  • Physical Address (High)
  • Social Security Number (Critical)

Exploitation & Downstream Threats

Threat Activity: Critical
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Full identity theft & synthetic identity fraud

Threat Actor: PEAR

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

  • Protect Your ID Documents: Government-ID exposure enables document fraud; monitor and report misuse.
  • Enable MFA Everywhere: Turn on multi-factor authentication on email first, then financial accounts.
  • Report & Recover: If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the MCBS, LLC breach?

MCBS, LLC, a Georgia-based medical billing and practice management firm, was hit by a ransomware attack carried out by the threat group PEAR in September 2025. The attack exposed approximately 6.6 million records. Because MCBS processes billing and administrative data on behalf of healthcare…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

  • Breach Index: DataBreach.com (record & field corroboration)
  • ObscureIQ Intelligence: ObscureIQ proprietary analysis (Risk Index scoring & downstream-threat assessment)
