What Happened in the NLACRC Data Breach?
North Los Angeles County Regional Center, known as NLACRC, is a private nonprofit that contracts with the State of California to serve people with developmental disabilities and their families. On November 28, 2024, the organization discovered suspicious activity on its computer systems. The activity resembled a ransomware attack, prompting an immediate internal investigation into the NLACRC data breach.
Investigators later determined that an unauthorized actor had access to NLACRC’s network from November 20, 2024, through December 1, 2024. During that window, the intruder copied data from the organization’s systems. After stealing the files, the attacker then encrypted or encoded certain systems, rendering them inaccessible to NLACRC staff.
Because the incident involved both data theft and system encryption, NLACRC brought in forensic specialists to determine exactly what happened. As a result, the investigation confirmed that sensitive personal and health information had been copied by the unauthorized actor before the encryption occurred. This distinction matters because it confirms actual data exfiltration, not just system disruption.
NLACRC reported the breach to the attorneys general offices in California, Massachusetts and Vermont. In addition, the organization posted a public notice on its website describing the incident. These filings and disclosures are what allow affected individuals and regulators to understand the true scope of the NLACRC data breach.
Who was affected?
The NLACRC data breach impacted a large population connected to the organization’s work supporting people with developmental disabilities. According to breach notification filings, 298,629 people were affected nationwide. This includes clients served by NLACRC as well as, potentially, family members and other individuals whose information was stored in the organization’s systems.
Because NLACRC serves people with developmental disabilities, it is likely that the affected population includes minors and other vulnerable individuals who may need extra assistance monitoring their accounts. Furthermore, the breach reached beyond California, since regulators in Massachusetts and Vermont also received notifications. This suggests that some affected individuals live outside the state where NLACRC operates.
NLACRC has not publicly detailed an exact breakdown between clients, employees or other categories of affected individuals. However, the wide range of exposed data points, including patient IDs and disability codes, strongly suggests that most affected people were current or former clients of the center’s services.
What Information Was Potentially Exposed?
The NLACRC data breach compromised an unusually broad set of personal and health-related information. Because NLACRC handles both administrative records and medical service data, the exposure spans multiple categories of sensitive details.
- Full names and addresses
- Dates of birth
- Social Security numbers
- Email addresses and telephone numbers
- Financial account information
- Payment card information
- UCI and patient ID numbers
- Full-face photographs
- Certificate and license numbers
- Health insurance information
- Health plan numbers and beneficiary numbers
- Medical information, lab results and medications
- Diagnosis and treatment information
- Treatment cost information
- Disability codes
This combination of data creates serious risk. For example, Social Security numbers paired with financial account details give criminals nearly everything needed to open new credit lines or file fraudulent tax returns. Because payment card information was also exposed, affected individuals may see unauthorized charges appear on existing accounts.
The exposure of protected health information raises additional concerns. Diagnosis, treatment and disability codes could be used for medical identity theft, where a criminal uses someone else’s identity to obtain medical services or prescriptions. In addition, this type of information could be exploited for targeted scams that reference a person’s actual health conditions, making phishing attempts far more convincing.
What is the company doing?
Once NLACRC discovered the suspicious activity, the organization moved to contain the intrusion and launch a forensic investigation. This process helped determine the exact timeline of unauthorized access and identify which data categories were copied by the attacker.
Following the investigation, NLACRC notified affected individuals and reported the breach to attorneys general in California, Massachusetts and Vermont. The organization also published a detailed notice on its website explaining the scope of the incident. As a result of the breach’s severity, NLACRC set up dedicated assistance resources for people with questions.
NLACRC established a toll-free line at 844-959-7149 for individuals who received a formal notification letter. This line operates Monday through Friday, from 6:00 a.m. to 3:30 p.m. Pacific Time. A second assistance line, 855-295-5618, is listed on the organization’s website notice and operates Monday through Friday from 6:00 a.m. to 6:00 p.m. Pacific Time.
What Should Affected Individuals Do?
Monitor Your Credit Reports
Because Social Security numbers and financial account details were exposed, affected individuals should check their credit reports regularly. You can request free copies from each of the three major credit bureaus at annualcreditreport.com.
Look closely for accounts you don’t recognize or inquiries you didn’t authorize. If you spot anything suspicious, dispute it immediately with the credit bureau and the creditor involved. Consistent monitoring over the coming months is especially important, since stolen data is sometimes used well after a breach occurs.
Consider a Fraud Alert or Credit Freeze
Given the exposure of Social Security numbers, a credit freeze offers strong protection. A freeze blocks lenders from accessing your credit file, which makes it much harder for criminals to open new accounts in your name.
Alternatively, a fraud alert requires creditors to verify your identity before extending new credit. This option is less restrictive than a freeze but still adds a meaningful layer of protection. You can request either option directly through Equifax, Experian or TransUnion.
Protect Yourself Against Medical Identity Theft
Because health insurance information and treatment details were exposed, affected individuals should review medical bills and insurance statements carefully. Look for services you did not receive or unfamiliar provider names.
If you notice discrepancies, contact your health insurer right away to report the issue. In addition, request a copy of your health records periodically to confirm that no fraudulent treatment history has been added to your file.
Stay Alert for Phishing and Scam Attempts
Criminals often use stolen personal and health data to craft convincing phishing emails or phone calls. Because this breach included medical details, scammers may reference specific diagnoses or treatments to appear legitimate.
Therefore, avoid clicking links or providing information in response to unsolicited messages. Instead, verify any request by contacting the organization directly using a phone number you already trust.
Keep Records and Seek Professional Guidance
Save any breach notification letters, along with records of calls made to NLACRC’s assistance lines. These documents may be useful if you experience identity theft or need to prove when you learned about the breach.
Because this breach involved highly sensitive medical and financial data, some affected individuals may want to consult a data breach attorney. An attorney can help evaluate whether you qualify for compensation and explain your legal options at no upfront cost.
More Information
Official data breach notification from Washington State Attorney General
North Los Angeles County Regional Center
total number of 298,629 people were impacted across the nation.
notice about the incident on its website
