Austin Plastic Surgery Data Breach Exposes Sensitive Personal and Health Info

Austin Plastic and Reconstructive Surgery, a medical practice in Austin, Texas, disclosed a data breach that occurred in mid-2025 and involved unauthorized access to its network environment. At this time, 4,041 individuals in Texas were identified as affected.

The practice discovered the breach on Feb. 28, 2026, and began notifying affected consumers on March 11, 2026. The breach was disclosed to the Texas Attorney General.

The company posted a notice about the incident on its website providing details about what happened and guidance for those who may have been affected.

What happened in the Austin Plastic and Reconstructive Surgery data breach

The breach was the result of a ransomware attack on the practice's network. According to the company's notification to consumers, an unauthorized party gained access to the Austin Plastic and Reconstructive Surgery network environment between June 30 and July 1, 2025.

During that approximately two-day window, a limited number of files stored on the network were potentially subject to unauthorized access or acquisition.

On Aug. 10, 2025, a ransomware group known as ThreeAM publicly claimed responsibility for the attack. The group posted its claim on the Tor network, which is a part of the dark web that allows for anonymous communication. The claim came roughly six weeks after the unauthorized access occurred but several months before the practice had completed its investigation and determined what data was at risk.

As part of the investigation, the practice worked closely with external cybersecurity professionals experienced in handling data security incidents, according to the company's notification. The investigation included an extensive manual review of the compromised files to determine what personal information they contained.

Following the completion of this review, the practice found that the files held both personal and protected health information.

The types of personally identifiable information (PII) potentially exposed include names, addresses, dates of birth, financial account information, driver's license or government identification numbers, passport numbers and Social Security numbers.

The protected health information (PHI) potentially exposed include medical and/ or health information.

Austin Plastic and Reconstructive Surgery's response to the breach

Austin Plastic and Reconstructive Surgery is offering complimentary credit monitoring services to individuals whose Social Security numbers were impacted. Affected individuals are encouraged to take advantage of this offer. The company also shared best practices with notified individuals to help them protect their personal information.

The practice has established a dedicated response line at 833-877-7496 for individuals who have questions about the incident or who want to determine whether they are personally affected.

The line is staffed Monday through Friday from 8 a.m. to 8 p.m. Central time, excluding holidays. Individuals who are concerned about potential misuse of their information are encouraged to call this number.

Steps to take if your information was exposed

• Place a fraud alert or security freeze on credit files by contacting Equifax (888-378-4329), Experian (888-397-3742) or TransUnion (800-680-7289) to help prevent unauthorized accounts from being opened.
• Request free credit reports at AnnualCreditReport.com, where consumers can obtain one free report from each of the three major credit bureaus every 12 months, and review them for any unfamiliar accounts or credit inquiries.
• Monitor financial account statements regularly for unauthorized transactions, since financial account information was among the data potentially exposed in this breach.
• Review Explanation of Benefits statements from health insurance providers and follow up on any services or charges that seem unfamiliar, as medical and health insurance information were potentially compromised.
• Watch for phishing attempts that reference Austin Plastic and Reconstructive Surgery or this breach by name, as scammers often use stolen personal details to craft convincing emails, phone calls or text messages.
• Report suspected identity theft to the Federal Trade Commission at ftc.gov/idtheft or by calling 877-438-4338, and consider filing a report with local law enforcement if any fraudulent or suspicious activity is discovered on financial accounts or credit reports.