You may never have heard of Endue Software, but if your specialty pharmacy or home-infusion provider uses its technology, the company may have been handling your personal data when hackers broke in last February. Now, more than 118,000 people are eligible to file claims against an $870,000 settlement fund, and the deadline is June 30.
Endue Software builds the systems that specialty and home-infusion pharmacies rely on to manage patient workflows and billing. That means the data passing through its platform can include sensitive health and financial information. When the company disclosed a cybersecurity breach in February 2025, it triggered mandatory notifications in multiple states and, ultimately, the settlement now open for claims.
Affected individuals have two options. Those who can document financial losses tied to the breach, such as fraudulent charges, credit-freeze fees, or time spent resolving identity theft, can submit reimbursement claims. Individual reimbursement amounts depend on the losses each claimant can document; the settlement fund pays verified expenses up to the limits described in the claim form, and the total pool is divided among all approved claims.
Those without documented losses can still enroll in one free year of credit monitoring, a benefit worth taking seriously. According to the Federal Trade Commission, stolen personal data often surfaces in fraud schemes months or even years after the original breach. The credit monitoring offered through the settlement is administered by a nationally recognized provider named in the notification letter; affected individuals can verify the provider’s identity by checking the letter itself or calling the toll-free number listed there.
What state regulatory filings confirm
The key facts are drawn from mandatory state attorney general filings, the most reliable public records available on this incident.
A breach notice filed with Maine’s attorney general lists 118,028 affected individuals and records April 11, 2025, as the date notification letters were mailed. The filing includes a direct link to the notice letter itself.
A parallel filing with the Massachusetts attorney general contains the full consumer notice as an exhibit. It outlines the types of data potentially involved and describes the steps Endue Software is offering, including credit monitoring enrollment and instructions for filing a claim.
Maine’s office also maintains a statewide breach reporting spreadsheet that independently lists the Endue Software incident, confirming both the affected-person count and the incident date. Cross-referencing that log with the individual filing shows the company’s numbers are consistent across its required disclosures.
How to file a claim
The process is designed to be handled without a lawyer, and there is no fee to participate. Based on the consumer notice letters, here is what to do:
- Check your mail. Notification letters were sent starting April 11, 2025. Your letter contains a unique ID number required to file a claim.
- Visit the settlement administrator’s website or call the toll-free number printed in your letter. Both options let you submit a claim form and upload supporting documents.
- Gather documentation if you are claiming out-of-pocket losses. Bank or credit card statements showing fraudulent charges, receipts for credit monitoring you purchased independently, or records of time spent resolving identity issues can all support a reimbursement request.
- Enroll in credit monitoring even if you have no documented losses yet. The free year of monitoring is available to everyone identified as affected.
- Submit everything before June 30. Claims filed after the deadline are typically not accepted.
Filing a claim does not obligate you to take any further legal action.
What the public record does not yet answer
As of June 2026, several questions remain open.
The exact categories of compromised data have not been specified in any filing reviewed for this article. Whether the breach involved Social Security numbers, medical records, or financial account details is not confirmed. The consumer notice references data types in general terms only.
The $870,000 settlement figure appears in consumer-facing materials but has not been independently traced to a published court order or settlement agreement in publicly accessible dockets. That does not mean the figure is wrong, but readers should know the underlying judicial documents have either not been posted online or were filed in a jurisdiction with limited electronic access. For context, settlement funds in the low-to-mid six figures are common in data breach cases affecting populations of this size, so the amount is within a typical range even though the specific court record has not been located. It is also unclear whether the settlement stems from a class action lawsuit, a regulatory enforcement action, or a voluntary agreement, a distinction that affects how the fund is administered and whether attorneys’ fees are deducted from the $870,000 pool.
Protecting yourself after the deadline
Whether or not you file a claim, the breach itself creates risks that outlast any settlement. Data exposed in incidents like this frequently fuels phishing emails, phone scams, and fraudulent account openings for years. A few steps are worth taking now:
- Place a free fraud alert with one of the three major credit bureaus (Equifax, Experian, or TransUnion). The bureau you contact is required to notify the other two.
- Consider a credit freeze if you suspect sensitive identifiers like your Social Security number were involved. Freezes are free and can be lifted temporarily when you need to apply for credit.
- Watch your explanation-of-benefits statements from your health insurer. Because Endue Software operates in the pharmacy technology space, medical identity theft is a realistic concern.
- Be skeptical of unsolicited calls or emails referencing the breach. Scammers sometimes impersonate settlement administrators to harvest additional personal information.
Where the Endue Software settlement stands as the June 30 deadline approaches
The regulatory filings from Maine and Massachusetts remain the most trustworthy public sources on this incident. They confirm a breach affecting more than 118,000 people, a settlement fund accepting claims through June 30, and a company that has acknowledged the incident under legal obligation. If you received a notification letter, the window to act is narrow. Gather your documents, file your claim or enroll in monitoring, and do not wait for the deadline to force your hand.



