Reframe Data Breach Class Action Lawsuit Investigation

Data breach law firm Abington Cole + Ellery is investigating potential legal claims related to the Reframe data breach, which reportedly affected thousands of individuals and may have exposed names and medical data.

Published July 1, 2026 | Last updated July 1, 2026
Reviewed by Cornelius P. Dukelow | licensed lawyer and registered patent attorney.

JOIN THIS INVESTIGATION: If you are interested in potentially volunteering to serve as a class representative in a class action lawsuit against Reframe, please submit your information to be considered:

You may also open the form here: Reframe Data Breach Lawsuit Form. An attorney-client relationship is not formed by submitting information through this website.

Reframe Data Breach: Key Facts

Company: Reframe (Glucobit, Inc.)
Location: Alpharetta, Georgia
Incident Type: Unauthorized Access
Number Affected: Thousands (TOTAL NOT YET PUBLICLY CONFIRMED)
Data Involved: NAMES / MEDICAL DATA
Date Began: May 1, 2026
Date Discovered: May 1, 2026
Date Ended: May 1, 2026
Notice Date: June 30, 2026
Credit Monitoring: 12 Months of TransUnion/CyberScout credit and dark web monitoring
Status: Class Action Lawsuit Investigation


What happened in the Reframe data breach?

Glucobit, Inc. d/b/a Reframe recently announced a data breach involving information from some Reframe user accounts. According to the company’s June 30, 2026 notice, Reframe discovered that a single system had been accessed without authorization. The company says it stopped the activity, hired cybersecurity experts, and determined that some personal information uploaded to Reframe was downloaded without authorization on or around May 1, 2026.

Reframe has not publicly explained the precise technical cause of the incident. The notice does not say whether the breach resulted from compromised credentials, a software vulnerability, phishing, misconfiguration, or another method. The company’s current public explanation is limited to unauthorized access to one system.

The notice states that the incident did not involve Reframe passwords, home or mailing addresses, payment card information, payment account information, financial information, Social Security numbers, driver’s license numbers, or other government identifiers. Reframe also says its payment systems were separate and not affected.

In response, Reframe says it enhanced its security and monitoring controls. The company is offering affected users 12 months of complimentary credit monitoring and dark web monitoring through TransUnion/CyberScout. Users who received a notice should review the specific information listed in their individual letter, consider enrolling in the offered monitoring services, remain alert for suspicious communications, and contact Reframe’s dedicated call center at 1-844-593-7750 with questions about the incident.


How did the Reframe breach occur?

According to Reframe, the breach occurred when a single Reframe system was accessed without authorization.


When did the Reframe breach occur?

The Reframe data breach reportedly took place on or around May 1, 2026.


How many people were affected by the Reframe breach?

The known public figures are 6,340 affected Texas residents and at least 501 California residents, meaning the breach appears to affect at least 6,841 people. The true total is likely higher.


What information was exposed in the Reframe breach?

  • Breached data reportedly may include, but is not necessarily limited to:
    • names
    • medical data

Has Reframe offered free credit monitoring and/or identity theft protection services?

Yes. Reframe is offering affected users 12 months of complimentary credit monitoring and dark web monitoring through TransUnion/CyberScout, at no cost. The notice also says the services include proactive fraud assistance for questions or if a user becomes a victim of fraud.


Reframe data breach timeline:

Date Event
May 1, 2026 Unauthorized activity began.
May 1, 2026 Reframe discovered the incident.
May 1, 2026 Unauthorized activity ended.
UNDISCLOSED Data breach investigation concluded.
June 30, 2026 Reframe began notifying affected individuals.

Who is Reframe?

Reframe is an alcohol reduction and habit-change app owned by Glucobit, Inc. that helps adults evaluate and adjust their relationship with drinking. The platform combines neuroscience-informed education, drink tracking, daily tasks, coping tools, mindfulness exercises, and community support to help users build healthier drinking habits over time. Reframe is positioned as an evidence-based digital resource for people who want to cut back or stop drinking, but it is not designed to diagnose, treat, or replace professional care for alcohol use disorder.


What should affected individuals do?

Affected individuals may enroll in the free 12-month TransUnion/CyberScout credit monitoring and dark web monitoring within 90 days, watch for suspicious emails, texts, or calls referencing their health, wellness, or personal habits, avoid clicking suspicious links or sharing information in response to unsolicited messages, and periodically review account statements and credit reports. They may also consider placing a fraud alert or security freeze with the major credit bureaus, and can contact Reframe’s call center at 1-844-593-7750 with questions.


What makes the Reframe data breach uniquely concerning?

The uniquely concerning issue is not financial fraud in the usual sense, because Reframe says passwords, addresses, payment data, financial information, Social Security numbers, driver’s license numbers, and government IDs were not involved. The concern is that the exposed information came from a Reframe account, which may relate to a person’s health, wellness, drinking habits, or personal behavior. Reframe itself warns users to be cautious of unsolicited emails, texts, or calls that reference their “health, wellness, or personal habits,” because those could be phishing or social-engineering attempts.


Reframe Data Breach Notice

The notice describes the Reframe data breach, including the type of information that may have been involved and the steps offered to affected individuals.

Open the Reframe Data Breach Notice in a New Tab


Sources and additional information about the data breach:


Class Action FAQ

A class action lawsuit is a case brought on behalf of a group of people who were harmed in a similar way by the same company or organization.

A class representative, sometimes called a named plaintiff or lead plaintiff, is a person who volunteers to bring the lawsuit on behalf of the larger group. They help represent the interests of everyone in the class. There may be more than one class representative in a class action.

A person who was harmed may start a class action if many other people were harmed in a similar way.

Usually, no. In many class action cases, the lawyers are paid only if the case is successful.

Sometimes you do not need to do anything. Other times, you may need to submit a claim form by a deadline to receive money or benefits.


data types, numbers, timeline, dates



About This Data Breach Resource

This page was created to give affected individuals and researchers a clear, comprehensive explanation of the Reframe data breach. It summarizes what is currently known about the incident, including the timeline, how the breach was discovered, the types of information involved, the number of people affected when available, important notice dates, and steps individuals may want to take after receiving a data breach notification.

This resource is independently written and organized to help readers understand the breach without having to review multiple notices, state attorney general filings, company statements, and related materials. When available, this page relies on primary sources and identifies key facts, unanswered questions, and updates as new information becomes public.

This page is especially relevant for readers searching for information about the Reframe data breach, Reframe data breach notice, Reframe class action investigation, what information was exposed, how many people were affected, and what affected individuals should do next.

Abington Cole + Ellery reviews data breach incidents involving sensitive personal information, financial information, and protected health information. This page is intended to help affected individuals understand the publicly reported facts, the types of information that may have been involved, and practical steps that may reduce the risk of identity theft or medical identity theft.

The information on this webpage is provided for general informational purposes only and does not constitute legal advice. Nothing on this page should be relied upon as legal advice for any particular situation. Submitting information through this page does not create an attorney-client relationship.

For more information about steps you can take to possibly reduce the risk harm arising from a data breach, please review the following article: What are some steps you can take if you've been the victim of a data breach?

This website is not associated with nor authorized by Reframe or any affiliated companies. If you have received any other data breach notifications, you may want to review Abington Cole + Ellery's current list of data breach investigations.