
Earlier this year, NHB Holdings, LLC—a family-owned Ohio-based food services holding company—and its subsidiaries including New Horizons Baking Company, Genesis Baking Company, Metraco Transportation, and New Horizons Food Solutions disclosed a major cybersecurity incident. The data breach lawyers at The Lyon Firm are investigating the incident.
On January 11, 2025, the company uncovered unauthorized access to its systems, dating back to January 6 through January 10, 2025. A thorough investigation concluded that the personal information for approximately 9,476 individuals was compromised.
NHB Holdings oversees a network of food production and distribution businesses that supply millions of buns, muffins, and related products to restaurants and retailers across multiple states. Despite its commercial focus, it was ill-prepared for what unfolded: attackers affiliated with the Cactus ransomware group claimed to have stolen 455 GB of data, including sensitive personal files, HR and financial records, contract data, and executive folders.
The breach revealed highly sensitive personally identifiable information (PII): individuals’ full names, Social Security numbers, dates of birth, addresses, government IDs, and even medical and financial records. Such data expose victims to serious identity theft risks and long-term vulnerability.
Affected individuals were notified via mail starting August 27–28, 2025, in compliance with state notification requirements. NHB has offered credit monitoring and identity protection services—12 months for Maine residents, 24 months for those in Massachusetts—and provided steps to help safeguard against identity theft.
If you received a breach notification, you should:
Because such breaches expose data could cause emotional distress, financial loss, or other harms, victims may have legal grounds for compensation. NHB’s public disclosures and lateness in confirming data compromised may raise questions about whether the company acted with due diligence.
Individuals may seek recompense for credit monitoring costs, lost time resolving fraud issues, and emotional disruption—even if no fraud has been detected yet. Many class action law firms are already investigating potential claims for those affected.
Dealing with breach fallout is complex and emotionally draining. The Lyon Firm has years of experience settling privacy and data security cases in Ohio and stands ready to help individuals harmed by incidents like the New Horizons breach. Our team:
With the Lyon Firm in your corner, you gain representation that is empathetic, experienced, and ready to pursue justice on your behalf.
What companies were affected by the New Horizons breach?
NHB Holdings and its subsidiaries—including New Horizons Baking Company, Genesis Baking Company, Metraco Transportation, and New Horizons Food Solutions—were affected.
When was the breach discovered and disclosed?
The breach occurred January 6–10, 2025, discovered on January 11, confirmed by July 11, and publicly disclosed in late August 2025.
What types of data were compromised?
Names, Social Security numbers, birthdates, addresses, government IDs, and other personal and financial information.
What can I do now if I was affected?
Enroll in provided credit monitoring, set up fraud alerts or freezes, and monitor accounts and reports for suspicious activity.
Do I have legal standing?
Yes—affected individuals may have claims if they suffered damages or are at risk due to exposure of their data. Consult an Ohio data breach firm like The Lyon Firm to explore options.
Taking the first step doesn’t have to be complicated. In just a few minutes, you can share the basics of your case, and our team will guide you from there: