Alcott HR Data Breach Lawsuit Investigation
Received an June 2026 breach notice from Alcott HR?
Dapeer Law, P.A. is investigating a potential class action against Alcott HR, a New York based human resources outsourcing and professional employer organization, on behalf of individuals whose personal information may have been exposed in a cyber incident the company disclosed in June 2026.
Who may qualify
You may be eligible to participate in a class action if any of the following applies:
- You received a data breach notification letter from Alcott HR dated June 2026.
- Your letter offered enrollment in 24 months of free identity theft protection through Cyberscout, a TransUnion company.
- You had personal information held by Alcott HR in its capacity as a human resources and payroll services provider, including current or former employees of its client companies.
- No proof of harm required to consult with counsel. You do not need to have already suffered identity theft to explore your legal options.
- Excluded: individuals who did not receive a breach notice and whose information was not involved in the incident.
Not sure if you qualify?
Send us your notice, we'll confirm your eligibility at no cost.
What happened
According to a notice filed with the California Attorney General, Alcott HR noticed unusual activity on some of its internal systems in February 2025. The company says it implemented its incident response protocols, reported the matter to law enforcement, and engaged independent computer forensic experts to investigate. The investigation determined that an unauthorized user gained access to Alcott HR systems where personal information was stored.
Alcott HR completed its review of the affected information in March 2026 and began mailing notification letters to affected individuals on June 15, 2026. The letters state that the potentially accessed information may include name, Social Security number, and date of birth. Alcott HR is offering 24 months of identity theft protection through Cyberscout, a TransUnion company, and recipients must enroll within 90 days of the date on their letter. The company has not publicly disclosed the total number of people affected.
Alcott HR notes that its human capital management platform, iSolved, which stores employee tax forms, benefits enrollment, and banking information, was not impacted. Because the data reported as potentially accessed includes Social Security numbers and dates of birth, affected individuals may face an elevated and long lasting risk of identity theft and financial fraud, since those identifiers cannot be easily changed.
What to do if you received a letter
Keep your notice letter
Do not discard it. Your letter contains the enrollment code for credit monitoring and is important evidence if you decide to participate in a lawsuit.
Enroll in the free 24-month identity theft protection
Enroll in the Cyberscout (TransUnion) identity theft protection offered in your letter within 90 days of the letter date. Accepting this benefit does not waive your right to pursue legal action.
Place a fraud alert or credit freeze
Contact Equifax, Experian, and TransUnion to place a fraud alert or freeze on your file. Request a free weekly credit report from AnnualCreditReport.com, and use the FTC's IdentityTheft.gov recovery guide.
Speak with a data breach attorney
Consultations with Dapeer Law are free and confidential. We'll review your notice, explain your options, and advise whether you may be eligible to join a class action.
Submit your notice for a free review
Two minutes online. A licensed attorney reviews every submission.
Breach timeline
Compensation you may be entitled to
Out-of-pocket expenses
Credit freezes, identity restoration services, and other costs incurred responding to the breach.
Time spent monitoring
Hours spent reviewing accounts, disputing fraudulent charges, and dealing with identity theft issues.
Identity theft & fraud losses
Unreimbursed funds stolen from accounts, unauthorized credit lines, or tax refund fraud tied to the breach.
Statutory damages
Certain state data breach and consumer protection statutes provide for fixed damages regardless of actual loss.
Injunctive relief
Court orders requiring Alcott HR to implement stronger data security practices going forward.
Compensation categories depend on applicable state law, the types of data exposed, and documented losses. No recovery is guaranteed.
Common questions
I received a data breach letter from Alcott HR. What should I do? +
Keep your notice letter, enroll in the 24 months of free identity theft protection through Cyberscout within 90 days of the letter date, and remain vigilant by monitoring your financial accounts and credit reports. Because Social Security numbers may have been involved, you may also wish to place a fraud alert or security freeze with the three credit bureaus. You can then contact a data breach attorney to understand your legal options.
Am I eligible to join a class action against Alcott HR? +
Individuals who received a data breach notification letter from Alcott HR are likely eligible to have their claims evaluated. Factors that affect a potential claim include your state of residence, the categories of data exposed, and whether you experienced any fraud or out-of-pocket losses. A free consultation can help clarify where you stand.
How much money could I receive from a class action lawsuit? +
Data breach class action recoveries vary significantly. Settlements typically range from a few hundred dollars for basic out-of-pocket losses to several thousand dollars for documented identity theft, with class size, damages, and negotiation all affecting the final amount. No payout is guaranteed, and this investigation has not yet resulted in a settlement.
What personal information was exposed in the breach? +
The notice filed with the California Attorney General states that the potentially accessed information may include name, Social Security number, and date of birth. Alcott HR has said its iSolved human capital management platform was not impacted. You should check your individual letter, which may describe the specific data involved for you.
Did Alcott HR offer free credit monitoring? +
Yes. Alcott HR is offering 24 months of identity theft protection through Cyberscout, a TransUnion company. You must enroll within 90 days of the date printed on your letter using the unique code it contains. Enrolling does not waive your right to pursue a legal claim.
How many people were affected by the Alcott HR breach? +
Alcott HR has not publicly disclosed the total number of affected individuals in its filing. This page will be updated as more information becomes available.
Is there a deadline to take legal action? +
Yes. Statutes of limitations for data breach claims vary by state and legal theory, typically ranging from one to six years. Waiting can permanently bar your claim. Contact us as soon as possible for a free evaluation.
How do I get a copy of the official breach notice? +
The notice was filed with the California Attorney General and is available through the California Attorney General's data breach notification portal. Dapeer Law can also help you obtain a copy during a free consultation.
Sources & references
- Official breach notice filing · California Attorney General, Data Breach Notifications Portal
- Company · Alcott HR (alcotthr.com)
- Credit bureau freezes · Equifax · Experian · TransUnion
- Free weekly credit reports · AnnualCreditReport.com
- Identity theft recovery guide · FTC IdentityTheft.gov
Don't let the deadline decide for you. Submit your claim today.
You only have a limited window to act. Our team will review your notice, explain your options, and tell you whether you may be eligible to recover compensation, at no cost to you.
