Pdl: Customer Breach

According to a statement released by PDL’s security team on April 13, an unauthorized third party gained access to a legacy customer database using compromised administrative credentials. The company first detected unusual activity on April 10, but a forensic investigation later revealed that the attacker had maintained access for approximately two weeks.

PDL Confirms Customer Data Breach: Sensitive Information Exposed

PDL is notifying affected customers via email and has set up a dedicated response portal. The company is offering 24 months of complimentary credit monitoring and identity theft restoration services through a third-party provider. pdl customer breach

This incident serves as a reminder that even non-healthcare data brokers remain attractive targets for cybercriminals, and that legacy systems with weak security controls pose ongoing risks to customer privacy.

PDL, a prominent data brokerage and identity verification service, has confirmed a significant customer data breach after a threat actor leaked a portion of its internal database on a cybercrime forum over the weekend. According to a statement released by PDL’s security

“We immediately launched a full containment protocol upon discovery,” said PDL spokesperson Maya Cortez. “Our preliminary investigation indicates that the exposed data relates to a subset of enterprise customers who used our identity verification services between 2022 and 2025. We have since secured the affected server and are rotating all internal access keys.”

National

Additionally, PDL has reset passwords for all affected user accounts and is enforcing multi-factor authentication (MFA) for any account that accesses its data brokerage portal going forward.