AACN Data Breach Impacts its Payment System: 57,526 Individuals Affected

On July 31, 2025, the American Association of Critical-Care Nurses (AACN) discovered a data breach affecting its website’s payment system. According to a notice filed with the Maine Attorney General, an unauthorized party accessed payment card information associated with certain transactions on the AACN website between March 8, 2025, and the date the breach was identified. While the investigation could not determine exactly which payment cards were compromised, AACN is notifying all individuals who made purchases during the affected period out of an abundance of caution.

The breach exposed a range of personally identifiable information (PII), including payment card information (card number, expiration date, CVV), name, contact information, shipping and billing addresses, phone number and email address.

A total of 57,526 individuals in the United States were affected by this breach, with 186 residents in Maine identified. The breach was formally disclosed to the Maine Attorney General on Aug. 29, 2025, and affected individuals were notified by written communication on the same date.

The severity of this breach is notable, as it involved direct access to payment card data and associated personal details, potentially putting thousands at risk for financial fraud and identity theft. The breach appears to have resulted from a compromise of AACN’s payment system by an unauthorized party, though the specific method of attack has not been detailed.

American Association of Critical-Care Nurses’s response

AACN is offering affected individuals two years of complimentary credit and identity monitoring services through IDX. Impacted individuals are encouraged to enroll in these services by Nov. 29, 2025, as detailed in the notification letter. The organization also advises all affected parties to remain vigilant by reviewing payment card and bank statements for suspicious activity and to promptly report any unauthorized transactions to their financial institution.

Given the nature of the breach, anyone who made a purchase on the AACN website between March 8, 2025, and July 31, 2025, should take the following steps:

• Enroll in the offered credit and identity monitoring services
• Monitor account statements and credit reports for unusual activity
• Consider placing a fraud alert or security freeze on credit files
• Report any suspected identity theft to law enforcement and the Federal Trade Commission