The mobility equipment provider recently announced they were breached in the fall of 2024.
What happened
Numotion, also known as United Seating and Mobility, recently reported that they experienced a data breach.
According to a notice published on their website, several employees’ email accounts were hacked on various days between September 2nd, 2024, and November 18th, 2024.
Numotion did not say when they discovered the breach, but said that on January 22nd, 2025, they determined some emails contained customer information.
Ultimately, Numotion reported to the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) that the breach impacted 494,326 individuals.
Going deeper
Numotion is a Tennessee-based mobility solution provider, advertising itself as the largest provider of wheelchairs and other mobility products in the US. According to their website, the company serves over 400,000 individuals, meaning it’s possible that this incident has impacted all customers in some way.
Compromised information varies, but may include names, dates of birth, product information, payment and financial account information, medical information, health insurance details, and for some, Social Security numbers and driver’s license numbers.
Numotion stated they currently “have no reason to believe that any personal information has been misused for the purpose of committing fraud or identity theft,” but is still advising individuals to review their account statements and monitor their credit reports.
In the know
This hasn’t been the only cybersecurity incident to impact Numotion recently. According to Security Week, in the spring of 2024, Numotion informed customers that their network had been accessed between February 29th and March 2nd, 2024. At the time, the ransomware organization Black Basta took credit for the attack. While Numotion originally said this breach only impacted a few thousand individuals, they later modified their report, stating it impacted approximately 600,000 individuals.
The bottom line
Although Numotion currently doesn’t believe information from the current breach has been misused, any data breach can increase an individual’s vulnerability to fraud or identity theft. Since Numotion has faced a data breach recently, it will likely need to improve its cybersecurity systems, policies, and procedures.
Related: HIPAA Compliant Email: The Definitive Guide
FAQs
What does it mean if an organization is attacked more than once?
An organization may be targeted more than once for multiple reasons. Namely, if a past attack was successful, a malicious organization may be incentivized to attack again. Similarly, if Numotion paid a ransom to Black Basta, which is unclear, it could motivate the actor to attack again. Conversely, the breaches could be unrelated but may signal that Numotion needs to improve its cybersecurity standards.
How could a breach like this be prevented?
Numotion stated that this breach was caused by a malicious actor hacking into employee email accounts. Often, this type of breach is preventable with the right spam filters, encryption, and employee training. Human error can also result in breaches, making it important to have an email security solution that accounts for people making mistakes.
Abby Grifno
