Strauss Borrelli PLLC, a leading data breach law firm, is investigating CPAP Medical Supplies and Services Inc. (“CPAP Medical”), regarding its recent data breach. The CPAP Medical data breach may have involved sensitive personal identifiable information and protected health information belonging to over 90,000 customers.
ABOUT CPAP MEDICAL SUPPLIES AND SERVICES INC.:
CPAP Medical is an in-network military provider for CPAP supplies based in Florida. Providing specialized deployment kits for mobilizing military members, CPAP Medical specializes and focuses on sleep therapy for active duty & retired military service members and their families.2 Headquartered in Jacksonville, Florida, CPAP Medical provides CPAP services and supplies nationwide. 2
WHAT HAPPENED?
Recently, CPAP Medical reported to the Attorney General of California that it had experienced a data breach in which the sensitive personal identifiable information and protected health information in its systems may have been accessed.1 According to the breach notice, CPAP Medical learned that an unauthorized actor gained access to its network environment.1 As a result, CPAP Medical launched an investigation to determine the nature of the incident.
Through its investigation, CPAP Medical discovered on June 27, 2025, that the impacted systems were accessed between December 13 and December 21, 2024, and contained sensitive information.1 As a result, CPAP Medical began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. The exact type of personal information potentially exposed has not been made publicly available by CPAP Medical. However, according to California state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license number, California identification card number, tax identification number, passport number, military identification number, or other unique identification number issued on a government document
- Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account
- Medical information
- Health insurance information
- Unique biometric data, such as a fingerprint, retina, or iris image, used to authenticate a specific individual
- Genetic data
As a result, CPAP Medical posted notice of the incident on its website and began sending notice to impacted individuals. Based on the breach notice sent to California residents, CPAP Medical is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification that CPAP Medical posted to its website is below.
If you received a breach notification letter from CPAP Medical Supplies and Services Inc.:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
