St. James Place Data Breach Exposes Personal Information of Patients

St. James Place of Baton Rouge, a continuing care retirement community in Louisiana that has served seniors for more than 30 years, experienced a data breach in the summer of 2024 that exposed sensitive personal and health information.

St. James Place became aware of a disruption to systems in its network on Aug. 2, 2024. Upon discovery, the company took action to secure its network and retained independent forensic specialists to investigate the incident.

The investigation found that an unauthorized actor had access to the company's network from July 30, 2024, through Aug. 2, 2024. During that four-day window, certain data stored on the network was accessed without authorization.

A ransomware group known as Cloak claimed responsibility for the attack. The group posted on the dark web, claiming to have obtained 100 GB of the organization's data.

After discovering the breach, St. James Place began a comprehensive review of the accessed data to determine what sensitive information the files contained and to whom it belonged. The review was not completed until March 4, 2026, approximately 19 months after the breach was first discovered.

The types of personal information exposed in the breach varied by individual but may have included names, Social Security numbers, driver's license or state identification numbers, passport numbers, financial account information, payment card information and dates of birth.

The breach also compromised protected health information, including medical treatment and diagnostic information and health insurance information.

The breach was disclosed to the Massachusetts Office of Consumer Affairs and Business Regulation on Dec. 17, 2024. The company also posted a notice of the data privacy incident on its website.

St. James Place's response to the breach

St. James Place is offering complimentary credit monitoring and identity protection services at no cost. These services are being provided through Kroll. The credit monitoring and identity protection offer is available to individuals whose Social Security numbers were involved in the breach.

Individuals who have questions or need assistance can contact St. James Place's dedicated assistance line with Kroll at 844-425-7453. The phone line is staffed Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time, excluding major U.S. holidays.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze with Equifax, Experian and TransUnion to help prevent new accounts from being opened using stolen personal information.
• Request free credit reports at AnnualCreditReport.com and review them carefully for unfamiliar accounts, hard inquiries or other signs of unauthorized activity.
• Monitor bank and payment card statements for unauthorized transactions and report any suspicious charges to the issuing financial institution right away.
• Be cautious of phishing attempts that reference St. James Place or this breach by name, as scammers often use real breach notifications to trick people into sharing more personal information.
• Review Explanation of Benefits statements from health insurers for medical services or claims not received, since medical and health insurance information was involved in this breach.
• File a complaint with the FTC at identitytheft.gov or by calling 1-877-438-4338 if there are signs that personal information has been misused.