Posillico, Inc. Data Breach

On December 8, 2025, Posillico, Inc. (“Posillico”) discovered a network disruption affecting its systems. The company immediately secured its environment, engaged independent cybersecurity experts, and launched an investigation into the scope of the incident.

The forensic review determined that certain files were potentially accessed or acquired without authorization. On January 6, 2026, Posillico confirmed that personal information was contained within the impacted files. At this time, Posillico reports no evidence of fraud or misuse involving the compromised information.

Founded in 1946, Posillico is a construction and infrastructure services company operating nationally across multiple service lines. They specialize in large infrastructure, environmental, and public works projects.

Following the breach, the company implemented enhanced security measures to reduce the risk of future incidents and reported the matter to the FBI’s Internet Crime Complaint Center. Posillico is also providing affected individuals with access to complementary identity protection services through IDX, which include credit monitoring, dark web monitoring, identity theft recovery, and a $1 million identity fraud loss reimbursement policy.

If you received a Data Breach Notification letter from Posillico, it means your information may have been accessed during this incident.

What information is involved in the Posillico Data Breach?

Compromised information may include:

Your Personally Identifiable Information (PII) includes sensitive details that can be used to identify you. Organizations are legally required to safeguard this information, and failure to do so can result in legal consequences. When PII is stolen, it may be exploited by criminals to commit identity theft or fraud.

A subset of PII — Protected Health Information (PHI) — includes medical and health‑related data. PHI is protected under federal and state laws, and healthcare providers are required to ensure its security. If compromised, PHI can be misused alongside PII to commit more extensive identity‑related fraud.

If your data has been exposed in a breach, enrolling promptly in credit and identity monitoring services is one of the most effective steps you can take. Posillico advises affected patients to stay alert, monitor financial and insurance statements closely, and consider placing fraud alerts or security freezes with major credit bureaus.

California residents benefit from additional privacy protections under the California Consumer Privacy Act (CCPA), which provides enhanced rights related to personal data. California also enforces the Confidentiality of Medical Information Act (CMIA), which imposes strict safeguards for medical information.

If you received a NOTICE OF DATA BREACH letter from Posillico, your personal and/or medical information may be at risk. This type of sensitive data can be misused by identity thieves to commit fraud and other crimes.

Contact the Data Breach Lawyers at Emery | Reddy, PC for a Free Case Review today.