Strauss Borrelli PLLC, a leading data breach law firm, is investigating Graebel Companies, Inc. (“Graebel”) regarding its recent data breach. The Graebel data breach involved sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT GRAEBEL COMPANIES, INC.:
Graebel is a human resource services management company based in Colorado. Founded in 1950, Graebel specializes in helping companies relocate their employees around the world, including offering services for relocation cost estimates, departure and immigration, settling and housing, language and cross-cultural training, and more.2,3,4,5,6,7 Headquartered in Aurora, Colorado, Graebel employs over 1,000 individuals and has provided staffing relocations services across 165 countries.3
WHAT HAPPENED?
Recently, Graebel announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice shared on its website, in December 2024, Graebel experienced a network disruption involving certain computer systems and services.1 As a result, Graebel launched an investigation to determine the nature of the incident.
Through its investigation, Graebel confirmed that sensitive personal information and protected health information in its systems may have been accessed and/or acquired by an unauthorized third party between December 19 and December 24, 2024. As a result, Graebel began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Address
- Date of birth
- Financial account information
- Electronic signature
- Driver’s license or government-issued identification numbers
- Health insurance information
- Medical information
As a result of the breach, Graebel posted notice of the breach on its website. Additionally, on November 10, 2025, Graebel began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Maine residents, Graebel is providing affected individuals with a list of the specific types of sensitive information impacted and 24 months of complimentary credit monitoring services.8 A link to the website breach notice is below.
If you received a breach notification letter from Graebel Companies, Inc.:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
LINKS
[1] https://www.graebel.com/legal/notice-of-data-event/
[3] https://www.linkedin.com/company/graebel-companies/about/
[4] https://www.graebel.com/relocation-services/pre-decision/
[5] https://www.graebel.com/relocation-services/departure/
[6] https://www.graebel.com/relocation-services/destination/
[7] https://www.graebel.com/relocation-services/settling-in/
[9] https://ago.vermont.gov/document/2025-11-10-graebel-companies-data-breach-notice-consumers
