The North Carolina Board of Cosmetic Art Examiners experienced a data breach that affected 28,018 individuals across the United States. On Nov. 27, 2024, NCBCAE discovered suspicious activity within its systems. An investigation revealed an unauthorized actor gained access to certain email accounts between Oct. 31, 2024 and Nov. 27, 2024.
On June 17, 2025, it was determined that both personally identifiable information (PII) and protected health information (PHI) may have been compromised in the data breach. Exposed information includes Social Security numbers, names, driver’s license or state identification numbers, account numbers, routing numbers, payment card numbers, passport numbers, biometric data, medical information, health insurance information and taxpayer identification numbers.
This incident is considered severe due to the level of data involved. North Carolina Board of Cosmetic Art Examiners began notifying affected individuals on July 8, 2025 and published a Notice of Security Incident on its own website.
The data breach was also disclosed to the Maine, Massachusetts and Vermont Attorney Generals' offices beginning on July 8, 2025. Affected individuals include eight Maine residents.
In addition to required state and federal disclosures, NCBCAE is offering free credit monitoring and identity protection services to impacted individuals.
If you receive a notice about this breach from North Carolina Board of Cosmetic Art Examiners, you may want to:
More information about the North Carolina Board of Cosmetic Art Examiners can be found on their official website.