32 Pearls Data Breach Affects 23,550, Exposing Social Security Numbers

On May 22, 2025, 32 Pearls, a dental care provider based in Washington state, discovered a data breach involving unauthorized access to its systems. According to the official disclosure filed with the Washington Attorney General’s office, the breach occurred between May 19 and May 22, 2025, when a malicious actor gained access to and encrypted certain files using ransomware.

The investigation, supported by third-party cybersecurity experts, determined that the unauthorized party may have viewed or accessed sensitive files during this period.

The breach affected 23,550 Washington residents and potentially exposed a wide range of personally identifiable information (PII) and protected health information (PHI) including full names, addresses, Social Security numbers, driver’s licenses or Washington ID card numbers, full dates of birth, health insurance policy or ID numbers, and medical information.

The breach was formally disclosed to the Washington Attorney General’s office on June 21, 2025. For those seeking further details, the full breach notification is available through the Washington Attorney General’s data breach portal.

32 Pearls's response

After discovering the ransomware attack, 32 Pearls took immediate steps to contain the threat and secure its systems. The company engaged leading cybersecurity professionals to investigate the incident and assist with remediation. As part of their response, 32 Pearls has implemented enhanced security measures and is reviewing internal processes to further protect patient information.

For affected individuals, 32 Pearls is offering 12 months of complimentary identity theft protection services through IDX, a ZeroFox company specializing in data breach and recovery services. This service includes credit and CyberScan monitoring, a $1 million insurance reimbursement policy, and fully managed identity theft recovery services. Affected patients received notification letters with unique enrollment codes and instructions on how to activate these protections. The deadline to enroll in these services is Oct. 18, 2025.

Given the sensitive nature of the information involved, affected individuals are encouraged to:

• Enroll in the free credit and identity monitoring service provided by IDX
• Review credit reports regularly for any suspicious activity
• Consider placing a fraud alert or security freeze with major credit bureaus
• Remain vigilant for signs of identity theft or fraud

Additional resources and detailed guidance are included in the official notice to consumers, which is available as a PDF at the bottom of this article’s page.

More information about the company, its services, and locations can be found on the 32 Pearls website.