Kaplan North America Data Breach Exposes Thousands of Social Security Numbers

Kaplan North America told state regulators that at least 230,000 people had Social Security and driver's license numbers leaked following a cybersecurity incident in the fall of 2025. The Fort Lauderdale, Florida-based test-prep and professional licensing giant waited nearly four months to notify those affected, a delay that at least one law firm says may have broken state and federal law.

An unauthorized actor accessed Kaplan's computer servers between October 30, 2025, and November 18, 2025, and during that roughly three-week window, the intruder took certain files from the network. After discovering the incident, Kaplan said it secured its network and launched an investigation with outside IT security specialists, and on February 21, 2026, the investigation determined that the stolen files contained consumers' names, Social Security numbers and/or driver's license numbers. The letters sent to victims say law enforcement was called after the incident was discovered.

Despite completing that internal determination in late February, Kaplan did not notify impacted individuals until March 17, 2026, which may have violated state and federal laws. The Florida-based company filed breach notification letters in at least seven states but did not respond to requests for comment about the total number of people impacted.

Only a select number of states publish the number of people impacted by a data breach, and the amounts disclosed by Kaplan add up to 230,941 affected people. State-level filings tell part of the story: the breach affected 173,676 Texas residents, 26,612 South Carolina residents, 19,075 Maine residents, 11,653 New Hampshire residents, and 2,045 individuals in Rhode Island.

Kaplan offers services such as test preparation and professional certifications to over 1.2 million students, as well as thousands of corporate clients and university partners. That broad customer base, spanning students sitting for licensing exams to corporate training programs, helps explain why the breached dataset contains the kind of government-issued identifiers typically required for enrollment verification.

Kaplan is offering affected customers one year of complimentary credit monitoring and identity theft restoration services through Experian. Affected individuals are encouraged to enroll in the free Experian IdentityWorks credit monitoring before the June 30, 2026, deadline.

At least six law firms have launched investigations in the week since notifications went out. Wolf Haldenstein Adler Freeman & Herz LLP announced its probe on March 18 from New York and Chicago, noting that Kaplan is notifying affected people that their personal information, including at least names, Social Security numbers, and driver's license numbers may have been stolen. Schubert Jonckheer & Kolbe LLP, Federman & Sherwood, Stueve Siegel Hanson LLP, Murphy Law Firm, and Strauss Borrelli PLLC have each announced separate investigations. Murphy Law Firm was the most recent, issuing its announcement on March 23.

Schubert Jonckheer & Kolbe has framed the delayed notification as the central legal vulnerability, stating that affected individuals may be at risk of identity theft and other serious violations of their privacy and as a result may be entitled to money damages and an injunction requiring changes to Kaplan's cybersecurity practices.

Unlike many recent breaches involving only contact information, this dataset contains identity-critical information that significantly increases the risk of fraud and identity theft. Exposure of Social Security numbers and driver's license information creates elevated risk because these identifiers cannot easily be changed, meaning the impact may persist well beyond the initial disclosure.

Those who received a notification letter and wish to explore legal options can contact Stueve Siegel Hanson attorney Tanner Edwards at 816-714-7122 or tanner@stuevesiegel.com, or reach Federman & Sherwood at 1-800-237-1277 or info@federmanlaw.com. Schubert Jonckheer & Kolbe's Sonum Dixit can be reached at sdixit@sjk.law or 415-299-8207.