Hope Cooperative Data Breach Exposes PII & PHI

On or around Feb. 3, 2025, TLCS, Inc. d/b/a Hope Cooperative, a Sacramento-based nonprofit mental health care provider, discovered suspicious activity involving an employee email account, exposing personally identifiable information (PII) and protected health information (PHI) of current and former clients.

An immediate investigation was launched with the help of third-party incident response and data forensics specialists. The investigation determined that the employee’s email account was accessed without authorization between Jan. 15 and Feb. 3, 2025.

After confirming the unauthorized access, Hope Cooperative conducted a thorough review of the compromised email account to identify what types of information were exposed and which individuals were affected. Once this review was completed, the organization began working to obtain current address information to notify affected individuals as quickly as possible.

The types of data involved may include first and last name in combination with Social Security number, address, date of birth, driver’s license or state identification card number, financial information, medical information an health insurance data.

The company has not disclosed the exact number of affected individuals, but the scope of services provided suggests a potentially large impact. Affected individuals have been notified directly by mail where possible. The company also posted a Notification of Data Security Incident on its website.

TLCS, Inc. d/b/a Hope Cooperative's response

After discovering the breach, Hope Cooperative took prompt action by securing the affected email account and engaging cybersecurity experts to investigate and contain the incident.

The organization has since implemented additional security measures within its systems and facilities and is reviewing its data security policies and procedures to help prevent similar incidents in the future.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Hope Cooperative or a company that does business with Hope Cooperative.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

To support those potentially affected, Hope Cooperative has established a dedicated call center at 1-800-405-6108 to answer questions and address concerns.