Nonprofit behavioral health and substance use treatment provider.
Operation PAR, Inc., a Florida nonprofit addiction-treatment provider, detected unauthorized network access on or about June 10, 2025, with data potentially accessed between June 6 and June 10, 2025. The WorldLeaks ransomware/extortion group claimed responsibility, boasting of nearly 900,000 stolen files. DataBreach.com’s parse of the leaked set confirmed circulating fields of roughly 88,000 addresses, 13,200 phone numbers, 10,400 Social Security numbers, and 9,000 emails, and forensics indicated the cloud-based EHR was not compromised. The company’s notification additionally reported that names, medical records, and driver’s license information were involved; medical records and driver’s licenses were not confirmed in the parsed circulating dump. The incident was disclosed alongside related entities Boley Centers and digital-health vendor Eleos. Operation PAR posted a security-incident notice and began notifying affected individuals. Substance-use treatment records carry heightened protection under 42 CFR Part 2.
ObscureIQ assessment: Extremely sensitive. Exposure enables identity theft, medical fraud, stigma-based targeting, extortion, and privacy harms tied to addiction treatment or recovery status.
Even limited to the confirmed circulating fields (names, addresses, phone numbers, emails, and Social Security numbers), the exposure signals association with substance-use disorder treatment, carrying severe stigma and discrimination risk on top of identity-theft and healthcare-fraud harm. If the notification-reported medical records and driver’s licenses are in the full dump, extortion and medical-fraud risk rises further. The breach undermined client trust in a highly sensitive care setting and implicates federally protected treatment data.
Operation PAR, Inc. is a long-established Florida nonprofit providing substance-use disorder treatment, mental-health services, prevention programs, and related community behavioral-health support, primarily in the Tampa Bay/Pinellas County region. It maintains client identity, intake, insurance, counseling, and treatment records to coordinate care and recovery services.
Addiction recovery and prevention nonprofits collect highly sensitive client identity, contact, treatment, counseling, insurance, and support-service records across recovery and community-health operations.
Operation PAR posted a data-security incident notice and set up a dedicated help line after the June 2025 breach, which was disclosed alongside related entities Boley Centers and the digital-health vendor Eleos. Multiple class-action firms have opened investigations into the incident.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.
If you believe your information may be included:
Operation PAR, Inc., a Florida nonprofit addiction-treatment provider, detected unauthorized network access on or about June 10, 2025, with data potentially accessed between June 6 and June 10, 2025. The WorldLeaks ransomware/extortion group claimed responsibility, boasting of nearly 900,000 stolen…
Verified fields include Email Address, Full Name, Phone Number, Physical Address, Social Security Number.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation