Recent Data Breaches: Who Was Hacked and How to Protect Yourself

Stay informed on the latest data breaches to protect yourself and your information. Here's what you need to know:

Week of March 10, 2025

Hillcrest Convalescent Center Data Breach

• What happened? Hillcrest Convalescent Center experienced a data breach after an unauthorized party accessed its network and extracted sensitive patient information.
• When? The breach was detected on June 27, 2024, but the data review was completed on February 13, 2025, and affected individuals were notified recently.
• Who is affected? Approximately 106,194 individuals who have records with Hillcrest Convalescent Center may have had their data compromised.
• What type of data was exposed? The exposed data includes names, dates of birth, Social Security numbers, medical information, treatment details, healthcare provider information, and health insurance details.
• What should I do? Keep a close watch on your financial and medical accounts for any unauthorized activity and take advantage of the free credit monitoring provided by Hillcrest Convalescent Center

Central Texas Pediatric Orthopedics Data Breach

• What happened? Central Texas Pediatric Orthopedics (CTPO) experienced a data breach in which an unauthorized party accessed confidential patient information. The breach may have directly affected CTPO or originated from a third-party vendor.
• When? The breach was reported on March 7, 2025.
• Who is affected? Approximately 90,000 individuals may have had their data compromised.
• What type of data was exposed? The exposed data includes names, medical information, health insurance information, and government-issued identification.
• What should I do? Monitor your financial and medical accounts for suspicious activity, enroll in any credit monitoring offered by CTPO, enable two-factor authentication on sensitive accounts, and consider freezing your credit.

Makai LLC Data Breach

• What happened? Makai LLC detected a potential data security incident involving unauthorized access to information provided to the company. 
• When? The incident occurred on January 28, 2025, and was discovered shortly thereafter. 
• Who is affected? Government and commercial clients. The exact number of individuals affected has not been publicly disclosed. ​
• What type of data was exposed? The specific information exposed varies by individual and may include names and Social Security numbers.
• What should I do? Keep a close eye on your financial and personal accounts for any unauthorized activity. Set up account alerts to detect suspicious transactions quickly. 

Best Collateral Data Breach 

• What happened? Best Collateral, a company specializing in collateral loans and retail services, experienced a data breach resulting from a recent cybersecurity attack. When? Following a thorough investigation, the breach was confirmed on February 10, 2025.
• Who is affected? Both customers and employees of Best Collateral are affected by this breach. Impacted individuals were notified on March 6, 2025.
• What type of data was exposed? The exposed information varies by individual and may include names, Social Security numbers, driver's license numbers, biometric information, military identification numbers, and health insurance policy information.
• What should I do? Stay vigilant by checking your financial and personal accounts for any unusual activity, sign up for any credit monitoring services offered by Best Collateral, strengthen your security by enabling two-factor authentication, and consider freezing your credit. 

Numotion Data Breach

• What happened? Numotion, a provider of mobility solutions, experienced a data breach involving unauthorized access to multiple employee email accounts over an extended period.
• When? The unauthorized access occurred between September 2, 2024, and November 18, 2024.
• Who is affected? Individuals whose personal information was contained within the compromised email accounts are affected. Impacted individuals were made aware of the data breach on March 7, 2025.
• What type of data was exposed? The compromised information varies by individual and may include names, Social Security numbers, driver’s license numbers, dates of birth, product information, payment and financial account information, health insurance information, and medical information.
• What should I do? Regularly review your financial and personal accounts for any unauthorized transactions, take advantage of any credit monitoring services provided by Numotion, strengthen your account security with two-factor authentication, and consider placing a credit freeze to protect against identity theft.

Lumen Technologies Data Breach

• What happened? Lumen Technologies, a global telecommunications and technology company, experienced a data breach resulting from unauthorized access to its computer network.
• When? The unauthorized access occurred between November 15, 2024, and December 4, 2024. Lumen discovered the breach on January 17, 2025.
• Who is affected? The specific number of individuals affected by this breach has not been publicly disclosed. Lumen Technologies notified those whose information was compromised on March 6, 2025.
• What type of data was exposed?  While the exact categories of data compromised have not been publicly specified, the breach may have involved sensitive personal information. Affected individuals received personalized notification letters detailing the specific types of personal information compromised.
• What should I do? Secure your online accounts by using strong, unique passwords and enabling two-factor authentication. If you’re concerned about identity theft, consider placing a fraud alert or a credit freeze to prevent unauthorized access to your financial information.

Archie Cochrane Ford Data Breach

• What happened? Archie Cochrane Ford detected unauthorized activity on its IT network and confirmed that confidential files were accessed by an unauthorized party. 
• When? The unauthorized activity was detected on December 11, 2024. Affected individuals were notified via data breach letters sent on February 27, 2025.
• Who is affected? Individuals whose information was contained in the compromised files are affected. The specific number of impacted individuals has not been disclosed.
• What type of data was exposed? The compromised information includes names, addresses, and Social Security numbers.
• What should I do? Enroll in any credit monitoring services offered by Archie Cochrane Ford, monitor your credit reports closely, and report any signs of fraud to the appropriate authorities.

Sunflower Medical Group Data Security Incident

• What happened? Sunflower Medical Group detected suspicious activity on its network and found that an unknown third party accessed its systems and acquired copies of files containing personal information. 
• When? The unauthorized access occurred on or about December 15, 2024. Sunflower Medical Group became aware of the suspicious activity on January 7, 2025. 
• Who is affected? Individuals whose personal information was contained in the accessed files are affected. Sunflower Medical Group has sent letters to involved individuals for whom valid mailing addresses were available. 
• What type of data was exposed? The information varied by individual but may have included names, addresses, dates of birth, Social Security numbers, driver's license numbers, medical information, and health insurance information. 
• What should I do? Monitor your accounts and credit reports for fraud. Report any suspicious activity and take advantage of Sunflower Medical Group’s complimentary identity theft protection if your Social Security or driver's license number was involved.

Gastroenterology Associates of Central Florida, P.A. dba Center for Digestive Health Data Breach

• What happened? Gastroenterology Associates of Central Florida, P.A., operating as the Center for Digestive Health, detected suspicious activity on its IT network. An investigation revealed that an unauthorized party had accessed and acquired certain files containing personal information.
• When? The unauthorized access occurred on April 1, 2024. The breach was discovered on May 7, 2024, and affected individuals were notified on February 25, 2025.
• Who is affected? Approximately 122,437 individuals were affected by this breach.
• What type of data was exposed? The compromised information includes names, Social Security numbers, dates of birth, and health information.
• What should I do? Keep an eye on your financial and personal accounts for unusual activity, take advantage of any credit monitoring services provided by the Center for Digestive Health, and consider freezing your credit.

Community Care Alliance Data Breach

• What happened? Community Care Alliance experienced a hacking incident that led to unauthorized access to personal information.
• When? The breach occurred on June 20, 2024, and was discovered on January 8, 2025. Affected individuals were notified on March 7, 2025. 
• Who is affected? Approximately 114,945 individuals were impacted. 
• What type of data was exposed? The specific types of personal information compromised were not detailed in the notification.
• What should I do? Community Care Alliance offered 12 months of credit monitoring through TransUnion. Affected individuals should monitor their financial accounts for unauthorized activity and consider enrolling in the provided credit monitoring services.

If you’ve been impacted by one of these breaches and believe you may be entitled to compensation, contact Morgan & Morgan today for a free, no-obligation consultation.