NLACRC Data Breach Compromises Medical Info and More

Published
July 1, 2026
Updated
July 1, 2026
NLACRC Data Breach Compromises Medical Info and More
North Los Angeles County Regional Center
Affected by the data breach? You may be entitled to compensation. Submit a claim today.

North Los Angeles County Regional Center (NLACRC), a private nonprofit that contracts with the State of California to serve people with developmental disabilities and their families, experienced a data breach in November 2024.

The breach was reported to the attorneys general offices of California, Massachusetts and Vermont. NLACRC posted a notice about the incident on its website.

On Nov. 28, 2024, NLACRC found suspicious activity on its computer systems resembling a ransomware attack.

An investigation found evidence of unauthorized activity within NLACRC's systems from Nov. 20, 2024, through Dec. 1, 2024. During that window, an unauthorized actor copied data from the organization's systems before encrypting or encoding certain systems to render them inaccessible.

The breach exposed a wide range of personally identifiable information (PII), including first and last names, addresses, dates of birth, Social Security numbers, email addresses, telephone numbers, financial account information, payment card information, UCI and patient ID numbers, full-face photos and certificate and license numbers.

Protected health information (PHI) was also exposed including health insurance information, health plan numbers, health plan beneficiary numbers, medical information, lab results, medications, diagnosis and treatment information, treatment cost information and disability codes.

NLACRC's response to the breach

Given the scope of information exposed in this breach, affected individuals may want to take extra steps on their own to protect themselves.

NLACRC has set up dedicated toll-free assistance lines for people with questions about the breach. Affected individuals who received notification letters can call 844-959-7149, Monday through Friday, from 6:00 a.m. to 3:30 p.m. Pacific Time.

A separate assistance line listed on the organization's website notice is available at 855-295-5618, Monday through Friday, from 6:00 a.m. to 6:00 p.m. Pacific Time.

SUBMIT YOUR CLAIM TO THE LAW FIRM HANDLING THIS INVESTIGATION

Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info
  • Affected information types not yet disclosed

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Consumers Notification date
Date of Breach
November 20, 2024
Breach Discovered Date
Total People Affected
Information Types Exposed
  • Health Records
  • Social Security Numbers
  • UCI and patient ID numbers (unique identifying number or code generated by us for you)
  • Addresses
  • Certificate/license numbers
  • Dates of birth
  • Diagnosis and/or treatment information
  • Disability
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image