Skip to main content

New Horizons Data Breach Investigation | Ohio Privacy Lawyers

Written by Joseph Lyon on . Posted in Data Breach.

Earlier this year, NHB Holdings, LLC—a family-owned Ohio-based food services holding company—and its subsidiaries including New Horizons Baking Company, Genesis Baking Company, Metraco Transportation, and New Horizons Food Solutions disclosed a major cybersecurity incident. The data breach lawyers at The Lyon Firm are investigating the incident.

On January 11, 2025, the company uncovered unauthorized access to its systems, dating back to January 6 through January 10, 2025. A thorough investigation concluded that the personal information for approximately 9,476 individuals was compromised.

Who Is New Horizons?

NHB Holdings oversees a network of food production and distribution businesses that supply millions of buns, muffins, and related products to restaurants and retailers across multiple states. Despite its commercial focus, it was ill-prepared for what unfolded: attackers affiliated with the Cactus ransomware group claimed to have stolen 455 GB of data, including sensitive personal files, HR and financial records, contract data, and executive folders.

The breach revealed highly sensitive personally identifiable information (PII): individuals’ full names, Social Security numbers, dates of birth, addresses, government IDs, and even medical and financial records. Such data expose victims to serious identity theft risks and long-term vulnerability.

Affected individuals were notified via mail starting August 27–28, 2025, in compliance with state notification requirements. NHB has offered credit monitoring and identity protection services—12 months for Maine residents, 24 months for those in Massachusetts—and provided steps to help safeguard against identity theft.

Actions You Can Take Today

If you received a breach notification, you should:

  • Enroll in the free credit monitoring offered by New Horizons as soon as possible.

  • Place a fraud alert or credit freeze on your reports—increasing protection against unauthorized accounts being opened.

  • Regularly check your financial statements and credit reports for signs of suspicious activity.

  • Consider reaching out to your state Attorney General or law enforcement if you suspect misuse of your data.

Legal Implications & Potential Claims

Because such breaches expose data could cause emotional distress, financial loss, or other harms, victims may have legal grounds for compensation. NHB’s public disclosures and lateness in confirming data compromised may raise questions about whether the company acted with due diligence.

Individuals may seek recompense for credit monitoring costs, lost time resolving fraud issues, and emotional disruption—even if no fraud has been detected yet. Many class action law firms are already investigating potential claims for those affected.

Why Hire The Lyon Firm

Dealing with breach fallout is complex and emotionally draining. The Lyon Firm has years of experience settling privacy and data security cases in Ohio and stands ready to help individuals harmed by incidents like the New Horizons breach. Our team:

  • Reviews whether NHB breached privacy obligations or relevant cybersecurity laws.

  • Helps affected parties pursue compensation for fraud risk and related damages.

  • Assists with class or individual claims so victims don’t shoulder all the legal burden alone.

  • Offers clear guidance at every step, from credit monitoring tips to filing claims or pursuing legal remedies.

With the Lyon Firm in your corner, you gain representation that is empathetic, experienced, and ready to pursue justice on your behalf.

FAQs

What companies were affected by the New Horizons breach?

NHB Holdings and its subsidiaries—including New Horizons Baking Company, Genesis Baking Company, Metraco Transportation, and New Horizons Food Solutions—were affected.

When was the breach discovered and disclosed?

The breach occurred January 6–10, 2025, discovered on January 11, confirmed by July 11, and publicly disclosed in late August 2025.

What types of data were compromised?

Names, Social Security numbers, birthdates, addresses, government IDs, and other personal and financial information.

What can I do now if I was affected?

Enroll in provided credit monitoring, set up fraud alerts or freezes, and monitor accounts and reports for suspicious activity.

Do I have legal standing?

Yes—affected individuals may have claims if they suffered damages or are at risk due to exposure of their data. Consult an Ohio data breach firm like The Lyon Firm to explore options.

CONTACT THE LYON FIRM TODAY

Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.