Operation PAR, Inc. 2025 Data Breach

Operation PAR Nonprofit Addiction Recovery Provider Breach (2025): 88K Records Including SSN & Contact Data Exposed via WorldLeaks Ransomware | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

WorldLeaksRansomware / ExtortionMedicalAddictionEmail AddressFull NamePhone NumberPhysical AddressSocial Security Number
High SeverityWebsite / service breach

Operation PAR Nonprofit Addiction Recovery Provider Breach (2025): 88K Records Including SSN & Contact Data Exposed via WorldLeaks Ransomware

Nonprofit behavioral health and substance use treatment provider.

Verified by ObscureIQ Intelligence
77/100Breach Risk Index
40Data Value
40Market Recency
294dSince Breach

Breach Intelligence Summary

Entity: Operation PAR, Inc. · Actor: WorldLeaks · Sources: 2 references
Attack: Ransomware / Extortion
Profile: Nonprofit · Addiction recovery and prevention services · Community health organization · USA
Timeline: Breach (2025-06-10) · Year (2025)
Exposure: 88K records · 5 fields: Email Address, Full Name, Phone Number, Physical Address, Social Security Number
Status: Confirmed

Executive Summary

Operation PAR, Inc., a Florida nonprofit addiction-treatment provider, detected unauthorized network access on or about June 10, 2025, with data potentially accessed between June 6 and June 10, 2025. The WorldLeaks ransomware/extortion group claimed responsibility, boasting of nearly 900,000 stolen files. DataBreach.com’s parse of the leaked set confirmed circulating fields of roughly 88,000 addresses, 13,200 phone numbers, 10,400 Social Security numbers, and 9,000 emails, and forensics indicated the cloud-based EHR was not compromised. The company’s notification additionally reported that names, medical records, and driver’s license information were involved; medical records and driver’s licenses were not confirmed in the parsed circulating dump. The incident was disclosed alongside related entities Boley Centers and digital-health vendor Eleos. Operation PAR posted a security-incident notice and began notifying affected individuals. Substance-use treatment records carry heightened protection under 42 CFR Part 2.

ObscureIQ assessment: Extremely sensitive. Exposure enables identity theft, medical fraud, stigma-based targeting, extortion, and privacy harms tied to addiction treatment or recovery status.

Breach Impact

Even limited to the confirmed circulating fields (names, addresses, phone numbers, emails, and Social Security numbers), the exposure signals association with substance-use disorder treatment, carrying severe stigma and discrimination risk on top of identity-theft and healthcare-fraud harm. If the notification-reported medical records and driver’s licenses are in the full dump, extortion and medical-fraud risk rises further. The breach undermined client trust in a highly sensitive care setting and implicates federally protected treatment data.

About Operation PAR, Inc.

Operation PAR, Inc. is a long-established Florida nonprofit providing substance-use disorder treatment, mental-health services, prevention programs, and related community behavioral-health support, primarily in the Tampa Bay/Pinellas County region. It maintains client identity, intake, insurance, counseling, and treatment records to coordinate care and recovery services.

Why They Hold Your Data

Addiction recovery and prevention nonprofits collect highly sensitive client identity, contact, treatment, counseling, insurance, and support-service records across recovery and community-health operations.

Recent Developments

Operation PAR posted a data-security incident notice and set up a dedicated help line after the June 2025 breach, which was disclosed alongside related entities Boley Centers and the digital-health vendor Eleos. Multiple class-action firms have opened investigations into the incident.

Data Points Exposed

5 verified field types
Email Address
Full Name High
Phone Number
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Extortion and stigma-based targeting exploiting addiction-treatment status
  • Medical identity fraud and insurance abuse using medical records
  • Identity theft and synthetic identity construction using SSN and driver’s license
  • Targeted phishing, smishing, and vishing using exposed contact data
  • Doxxing and physical targeting from exposed home addresses
  • Discrimination risk from disclosure of substance-use treatment
Threat vectors:
  • Stigma-based targeting & coercion
  • Medical extortion, insurance fraud & discrimination
  • Full identity theft & synthetic identity fraud
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: WorldLeaks

WorldLeaks
Ransomware / Extortion

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Operation PAR, Inc. breach?

Operation PAR, Inc., a Florida nonprofit addiction-treatment provider, detected unauthorized network access on or about June 10, 2025, with data potentially accessed between June 6 and June 10, 2025. The WorldLeaks ransomware/extortion group claimed responsibility, boasting of nearly 900,000 stolen…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation