Paylogix, a technology and billing solutions provider for voluntary employee benefits, confirmed that an unauthorized party accessed its computer systems between Nov. 13 and Nov. 18, 2025, copying files from the company’s network during that period.
The company, based in New York, posted a notice of the incident on its website describing what it called a “cyber event” that caused a network disruption affecting certain systems and services. Paylogix said it moved promptly to contain the breach and restore affected systems to secure, full functionality, while also launching a comprehensive review of the files that may have been involved.
Approximately two months after the intrusion, on Jan. 15, 2026, a ransomware group known as Akira claimed responsibility for the attack in a dark web posting, stating it had obtained 185 GB of data from the company. The posting alleged the stolen data included employee personal information such as Social Security numbers, passport information and driver’s license data, as well as client records, detailed financial files, internal confidential documents and non-disclosure agreements.
The scope of exposed information varied by individual. Paylogix’s notice stated that affected data may have included dates of birth, Social Security numbers and voluntary benefit information. In more limited cases, the breach also reportedly involved access credentials, driver’s license numbers, electronic signatures, financial account information and numbers, health insurance records, IRS PIN numbers, medical information, passport numbers, state identification numbers, taxpayer identification numbers and U.S. alien identification numbers.
Paylogix stated it notified federal and local law enforcement agencies and is cooperating with their ongoing investigation. The company said the consumer notification was not delayed at law enforcement’s request.
“The confidentiality, privacy, and security of information in our care are among our highest priorities,” the company said in its notice, adding that it moved quickly “to investigate this event, assess the security of our systems, and understand the information involved.”
The company acknowledged what it described as the evolving nature of cybersecurity and said it remains committed to evaluating and enhancing its security posture going forward.
Paylogix said it is working to establish a dedicated call center to field questions related to the incident. In the interim, affected individuals may contact the company by mail at 1025 Old Country Rd. #310, Westbury, NY 11590.
Click Here For The Original Source.
