
North Los Angeles County Regional Center (NLACRC), a private nonprofit that contracts with the State of California to serve people with developmental disabilities and their families, experienced a data breach in November 2024.
The breach was reported to the attorneys general offices of California, Massachusetts and Vermont. NLACRC posted a notice about the incident on its website.
On Nov. 28, 2024, NLACRC found suspicious activity on its computer systems resembling a ransomware attack.
An investigation found evidence of unauthorized activity within NLACRC's systems from Nov. 20, 2024, through Dec. 1, 2024. During that window, an unauthorized actor copied data from the organization's systems before encrypting or encoding certain systems to render them inaccessible.
The breach exposed a wide range of personally identifiable information (PII), including first and last names, addresses, dates of birth, Social Security numbers, email addresses, telephone numbers, financial account information, payment card information, UCI and patient ID numbers, full-face photos and certificate and license numbers.
Protected health information (PHI) was also exposed including health insurance information, health plan numbers, health plan beneficiary numbers, medical information, lab results, medications, diagnosis and treatment information, treatment cost information and disability codes.
Given the scope of information exposed in this breach, affected individuals may want to take extra steps on their own to protect themselves.
NLACRC has set up dedicated toll-free assistance lines for people with questions about the breach. Affected individuals who received notification letters can call 844-959-7149, Monday through Friday, from 6:00 a.m. to 3:30 p.m. Pacific Time.
A separate assistance line listed on the organization's website notice is available at 855-295-5618, Monday through Friday, from 6:00 a.m. to 6:00 p.m. Pacific Time.








.webp)
.webp)
.webp)

.webp)
.webp)
.webp)
.webp)