On or about November 11, 2025, American Associated Pharmacies (“AAP”) issued a security notification regarding a ransomware-related data breach that may have exposed sensitive personal information. An unauthorized actor first gained access to AAP systems on October 13, 2024. While AAP reports no evidence of identity theft or fraud, the exposure of personal data poses a significant privacy risk. The company has partnered with IDX to provide complimentary identity protection services, including credit monitoring, CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and ID theft recovery services.
AAP is a national cooperative of independent pharmacies headquartered in Tennessee. The organization provides pharmacy services, technology solutions, and purchasing programs to its members across the United States.
Following the incident, AAP implemented additional security measures, including multifactor authentication, password resets, and enhanced monitoring tools. Impacted individuals are encouraged to enroll in the free identity protection service and remain vigilant against identity theft.
If you received a Data Breach notification letter from American Associated Pharmacies, it confirms that your information was potentially impacted.
What information is involved in the American Associated Pharmacies, LLC Data Breach?
Compromised information may include:
Name
Other Personal Data Elements (not specifically disclosed)
Your Personally Identifiable Information (PII) includes details that can be used to identify you. Organizations are legally obligated to safeguard this data, and failure to do so can result in statutory fines and other legal consequences. If PII is stolen, it may be exploited by criminals to commit identity fraud.
A specific category of PII is Protected Health Information (PHI), which pertains to personal medical data. PHI is safeguarded under both federal and state regulations. Entities such as healthcare providers and businesses that manage PHI must ensure its security. Just like PII, compromised PHI can be misused by identity thieves, and it’s common for cybercriminals to use both types of information together.
If your data has been exposed in a breach, one of the most effective steps you can take is to enroll in credit and identity monitoring services promptly.
Residents of California benefit from additional privacy protections under the California Consumer Privacy Act (CCPA), which grants enhanced rights regarding personal data. Additionally, California residents also benefit from medical privacy protections under the Confidentiality of Medical Information Act (CMIA), which specifically grants enhanced protections for confidential medical data.
If you received a NOTICE OF DATA BREACH letter from American Associated Pharmacies, your personal, financial, and/or medical information may be at risk. This type of data can be exploited by identity thieves to commit fraud and other crimes.
Contact the Privacy Breach Attorneys at Emery | Reddy today for a Free Case Review.