
Cyber Incident Victim: NCH Corporation

Date:

Jan 2026

Location:

United States of America

Summary

NCH Corporation discovered an unauthorized actor had accessed its network and copied files containing personal information such as names, taxpayer identification numbers, driver's license numbers, passport numbers, financial account details, payment card data, medical information, and health insurance information. The company launched an investigation with third‑party cybersecurity experts, which confirmed the breach and led to notifications to affected individuals.


Description

NCH Corporation is a global manufacturer and marketer of industrial maintenance, water treatment, and lubrication solutions based in Irving, Texas. On March 9, 2026, NCH discovered that an unauthorized actor had taken files from its network. The investigation revealed that unauthorized activity had occurred in NCH’s network between January 21, 2026 and February 25, 2026. NCH launched an investigation with the support of third‑party cybersecurity professionals. The investigation confirmed that during that period an unauthorized actor obtained copies of certain files from the network. The compromised personal data may include names and one or more of the following: taxpayer identification numbers, driver’s license or state‑issued identification card numbers, passport numbers, other government‑issued identification numbers, financial account information, payment card information, medical information, and/or health insurance information.


In response to the discovery, NCH implemented response procedures, including the launch of the investigation with third-party cybersecurity professionals. Edelson Lechtzin LLP, a national class action law firm, began investigating a putative class action to seek legal remedies for individuals whose sensitive data may have been compromised. The firm offered free case evaluations and provided contact information: Marc Edelson, Esq., 411 S. State Street, Suite N-300, Newtown, PA 18940; phone 844-696-7492 ext. 2; email medelson@edelson-law.com; website https://www.edelson-law.com/data-breach-class-actions/. The firm’s notice stated that it was investigating reports of a potential incident and had not independently verified the full scope, contents, or authenticity of the alleged data. It also noted that references to data volume, record counts, and categories were based on third-party reports and remained subject to confirmation. Preliminary findings about the nature and sensitivity of the information remained under review and were not conclusive. The notice emphasized that nothing therein should be construed as a definitive finding regarding liability, causation, or the precise scope of impact.

The breach notification informed recipients that they may face increased risk of identity theft and fraud. It also included information suggesting that recipients review account statements and monitor credit reports for suspicious activity. The notification further noted that recipients should confirm whether their information was involved, consider placing fraud alerts and credit monitoring, preserve any breach letters or emails, and contact the law firm to discuss legal options.
