.png)
Nova Recovery Center Data Breach Affects Thousands
Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info
Nova Recovery Center, an alcohol and drug rehabilitation provider based in Austin, Texas, recently experienced a data breach impacting thousands of patients. On May 25, 2025 Nova Recovery Center discovered unauthorized access of its systems had taken place.
The breach involved unauthorized access to Nova Recovery Center’s network, reportedly by a threat actor known as “nightly.” On May 25, 2025, the attacker posted on the open web, claiming to have exfiltrated over 200 GB of sensitive data, including deleted records and 1 TB of CCTV footage.
On June 17, 2025, an investigation revealed the data breach compromised both both personally identifiable information (PII) and protected health information (PHI). Exposed information includes names, addresses, dates of birth, Social Security numbers, health insurance information, medical records and financial payment information.
The cybersecurity incident was disclosed to the U.S. Department of Health and Human Services on July 24, 2025. Nova Recovery Center disclosed the data breach to the Maine and Texas Attorney Generals' offices beginning on Aug. 5, 2025.
The organization began notifying affected individuals by mail on Aug. 1, 2025. Affected patients includes 5,518 Texas residents and three in Maine.
Nova Recovery Center's response
In addition to state and federal disclosures, Nova Recovery Center is offering free Kroll identity monitoring to impacted individuals.
If you receive a notice from Nova Recovery about this data breach, you may want to:
- Enroll in the free Kroll identity monitoring services, offered by Nova Recovery.
- Monitor your credit reports and financial accounts for any unusual activity.
- Be alert for phishing emails or phone calls that may use your exposed information.
- Consider placing a fraud alert or credit freeze with major credit bureaus.
The company also set up a dedicated hotline at 866-559-3487, Monday through Friday from 8 a.m. to 5:30 p.m. Central time.
For more information about the center, visit the Nova Recovery Center website.
Protect Your Data
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.
Data Breach Settlements
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
What to Read Next
Subscribe to our weekly class actions newsletter.
.svg)