Strauss Borrelli PLLC, a leading data breach law firm, is investigating Leidos QTC Health Commercial Services, which does business as First Rehabilitation Resources (“Leidos”), regarding its recent data breach. The Leidos data breach involved sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT LEIDOS QTC HEALTH COMMERCIAL SERVICES D/B/A FIRST REHABILITATION RESOURCES:
Leidos is a disability and occupational health examination service based in California. Founded in 1981, Leidos specializes in providing a range of services for workers’ compensation, short- and long-term disability, and general liability cases, including on-site case management, job placement, liability reviews, medical cost projection, trauma response and crisis debriefing, and more.2,3 Groups that receive case management services from Leidos include insurance carriers, third-party administrators, government entities, attorneys, employers, etc.2 Headquartered in San Dimas, California, Leidos employs over 3,500 individuals and operates more than 90 clinics and offices across the world.3
WHAT HAPPENED?
Recently, Leidos reported to the Attorney General of the Commonwealth of Massachusetts that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice, in August 2025, Leidos became aware of suspicious activity on its email system.1 As a result, Leidos launched an investigation to determine the nature of the incident.
In the sample breach notice provided to the Attorney General of the Commonwealth of Massachusetts, Leidos does not elaborate further on the nature of the security incident that impacted its systems. In response to the incident, Leidos began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Driver’s license number
- Government ID number
- Medical information
- Health insurance information
As a result of the breach, Leidos began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Massachusetts residents, Leidos is providing affected individuals with a list of the specific types of sensitive information impacted and 24 months of complimentary credit monitoring services. A link to the form breach notification letters that Leidos filed with the Attorney General of the Commonwealth of Massachusetts is below.
If you received a breach notification letter from Leidos QTC Health Commercial Services d/b/a First Rehabilitation Resources:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
