On September 16, 2025, Form Energy Inc. (“Form Energy”) discovered it was the victim of a ransomware attack that impacted its internal systems. The breach occurred when an unauthorized third party accessed Form Energy’s environment and exfiltrated files containing sensitive personal information. Although Form Energy reports no evidence of misuse, the exposure of this data constitutes a serious privacy risk.
Form Energy, Inc. is a technology company headquartered in Somerville, Massachusetts, specializing in multi-day energy storage systems and iron-air battery technology. The company employs over 1,000 individuals and operates facilities in Massachusetts, West Virginia, and California.
Form Energy sent data breach notification letters to affected individuals beginning October 22, 2025, and offered complimentary identity protection services through Experian IdentityWorks for 24 months. If you received a Data Breach notification letter from Form Energy, it confirms that your information was potentially impacted.
What information is involved in the Form Energy Data Breach?
Compromised information may include:
Name
Social Security Number
Address
Date of Birth
Bank Account Number
I-9 Verification Documents (driver’s license, permanent resident card, alien registration card, or passport)
Beneficiary Information (if applicable)
Your Personally Identifiable Information (PII) includes details that can be used to identify you. Organizations are legally obligated to safeguard this data, and failure to do so can result in statutory fines and other legal consequences. If PII is stolen, it may be exploited by criminals to commit identity fraud.
A specific category of PII is Protected Health Information (PHI), which pertains to personal medical data. PHI is safeguarded under both federal and state regulations. Entities such as healthcare providers and businesses that manage PHI must ensure its security. Just like PII, compromised PHI can be misused by identity thieves, and it’s common for cybercriminals to use both types of information together.
If your data has been exposed in a breach, one of the most effective steps you can take is to enroll in credit and identity monitoring services promptly.
Residents of California benefit from additional privacy protections under the California Consumer Privacy Act (CCPA), which grants enhanced rights regarding personal data.
If you received a NOTICE OF DATA BREACH letter from Form Energy, Inc., your personal, financial, and/or medical information may be at risk. This type of data can be exploited by identity thieves to commit fraud and other crimes.