American Addiction Centers Data Breach Affects 422,424 People

American Addiction Centers, Inc. (AAC), a leading provider of substance abuse treatment services, recently experienced a significant data breach that exposed the sensitive information of 422,424 individuals across the United States. The breach occurred over a four-day period from September 23 to September 26, 2024, and was discovered on November 22, 2024.

The breach resulted in the exposure of highly sensitive consumer information, including:

• Names
• Addresses
• Social Security numbers
• Driver’s license numbers
• Financial information (e.g., account numbers, credit or debit card numbers)
• Medical information
• Health insurance information
• Dates of birth

The severity of this breach is heightened by the nature of the exposed data, which includes both financial and medical information. Such information is highly valuable to cybercriminals and can be used for identity theft, fraudulent transactions, and other malicious activities.

The breach was disclosed to the California Attorney General's office on December 24, 2024, the Maine Attorney General's office on December 27, 2024, and the Massachusetts Attorney General's office on December 27, 2024. Additionally, the breach was reported to the Texas Attorney General's office on December 23, 2024.

The breach affected individuals in multiple states, with 26,450 impacted in Texas and 669 in Maine. The company began notifying affected individuals by U.S. mail and other methods on December 23, 2024.

American Addiction Centers' response

In response to the breach, American Addiction Centers, Inc. has taken several steps to address the situation and assist affected individuals. The company has offered free identity monitoring services through Cyberscout, which includes credit monitoring and fraud detection. Affected individuals must enroll by March 31, 2025, to take advantage of these services.

The company has also set up a dedicated toll-free call center to assist individuals with questions and concerns. The hotline is available Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Time, excluding major U.S. holidays.

Additionally, AAC has provided detailed guidance on how individuals can protect themselves from identity theft, including instructions for placing fraud alerts and security freezes on their credit reports. The company has emphasized the importance of monitoring financial accounts and credit reports for any signs of unauthorized activity.

Steps to take if you are affected by the data breach

If you believe you may have been affected by this data breach, it is important to take immediate action to protect your personal and financial information. Here are the steps you should follow:

1. Enroll in free identity monitoring services: If you received a notification from AAC, use the unique code provided to enroll in Cyberscout’s credit monitoring services by March 31, 2025.
2. Monitor your financial accounts and credit reports: Regularly review your bank statements, credit card accounts, and credit reports for unauthorized transactions or suspicious activity. You are entitled to one free credit report annually from each of the three major credit reporting agencies at AnnualCreditReport.com.
3. Place a fraud alert on your credit file: Contact one of the three major credit reporting agencies—Equifax, Experian, or TransUnion—to place a fraud alert on your credit file. This will notify creditors to take extra precautions before opening new accounts in your name.
4. Consider a security freeze: A security freeze prevents creditors from accessing your credit report without your consent, making it harder for identity thieves to open accounts in your name. You can request a freeze from each of the credit reporting agencies.
5. Report suspicious activity: If you notice unauthorized transactions or suspect identity theft, report it immediately to your financial institution and file a complaint with the Federal Trade Commission (FTC) at IdentityTheft.gov.
6. Stay vigilant: Keep an eye on your accounts and personal information for the foreseeable future. Identity theft can occur months or even years after a data breach.

For additional information or assistance, contact AAC’s dedicated call center at 1-833-833-2770.