Ahtna, Inc. Data Breach

On July 28, 2025, Ahtna, Inc. (“Ahtna”) discovered potential unauthorized access to information stored within its systems. The organization immediately contained its network and began investigating with the help of external cybersecurity professionals. The investigation determined that an unauthorized third party accessed certain Ahtna systems between April 20, 2025 and June 1, 2025, during which the attacker acquired files containing sensitive information.

After a detailed file review, Ahtna confirmed on October 22, 2025, that specific individuals’ personal information was present in the compromised files. The company then began efforts to locate valid address information for affected individuals, completing that process on January 20, 2026, followed by notification letters.

Ahtna, Inc. is an Alaska Native Regional Corporation established in 1971, representing the Ahtna Athabaskan people of the Copper River region. With headquarters in Glennallen and Anchorage, Alaska, the company manages over 1.5 million acres of land and focuses on responsible economic growth for its shareholders. Ahtna operates a diverse family of companies specializing in construction, environmental services, logistics, and management, often partnering with federal and private sectors.

As part of its investigation and response, the company implemented security measures, began reviewing internal policies, and offered complimentary identity monitoring services to those affected.

Following the incident, Ahtna engaged CyberScout, a TransUnion company, to provide credit monitoring, identity restoration services, and fraud assistance. Impacted individuals were sent data breach notification letters and given instructions for enrollment in complimentary identity protection services.

If you received a Data Breach Notification Letter from Ahtna, Inc., it confirms that your information was potentially impacted.

What information is involved in the Ahtna, Inc. Data Breach?

Compromised information may include:

Your Personally Identifiable Information (PII) includes details that can be used to identify you. Organizations are legally required to protect this information, and when compromised, consumers may face risks of identity theft and fraud.

A specific category of PII is Protected Health Information (PHI), which pertains to personal medical data. PHI is safeguarded under both federal and state regulations. Entities such as healthcare providers and businesses that manage PHI must ensure its security. Just like PII, compromised PHI can be misused by identity thieves, and it’s common for cybercriminals to use both types of information together.

Ahtna has advised impacted individuals to remain vigilant by monitoring account statements, credit reports, and financial statements. The company is offering credit monitoring, fraud assistance, and identity restoration services through CyberScout.

If your data is exposed, criminals may use the information to commit identity theft, open fraudulent accounts, or engage in other forms of misuse. Prompt enrollment in monitoring services is one of the most effective steps you can take to protect yourself.

Residents of California benefit from additional privacy protections under the California Consumer Privacy Act (CCPA), which grants enhanced rights regarding personal data. Additionally, California residents also benefit from medical privacy protections under the Confidentiality of Medical Information Act (CMIA), which specifically grants enhanced protections for confidential medical data.

If you received a NOTICE OF DATA BREACH letter from Ahtna, Inc., your personal information may be at risk and could be misused for identity theft or fraud.

Contact the Data Breach Attorneys at Emery | Reddy today for a Free Case Review.