SSK Plastic Surgery Data Breach Exposes PHI & PII

SSK Plastic Surgery Inc. based in Newport Beach, California, experienced a significant security incident that affected its clients. On March 20, 2024, and again on July 24, 2024, an unauthorized intruder gained access to the company's systems.

This breach led to the exposure of sensitive client information, including names, addresses, telephone numbers, email addresses, and limited health information. In some cases, images provided for virtual consultation services were also accessed. Alarmingly, Social Security numbers and driver's licenses were compromised as well.

The breach was discovered when the intruder attempted to extort SSK Plastic Surgery. The company quickly involved law enforcement and took immediate steps to contain the situation. A thorough investigation was conducted with the help of cybersecurity experts to determine the scope of the breach and secure the affected systems.

The incident was reported to the California Attorney General's office on March 7, 2025, and further details about the breach can be found on the California Attorney General's website. Additionally, the Vermont Attorney General's office was notified, and further information is available on the Vermont Attorney General's website.

SSK Plastic Surgery's Response

In response to the data breach, SSK Plastic Surgery enhanced its security measures to address the evolving nature of cybersecurity threats and have engaged cybersecurity experts to bolster their defenses and ensure the protection of client information.

For those affected by the breach, SSK Plastic Surgery has partnered with Kroll, a global leader in risk mitigation and response, to provide identity monitoring services at no cost. These services include credit monitoring, $1 million in identity fraud loss reimbursement, fraud consultation, and identity theft restoration.

Affected individuals are encouraged to activate these services by visiting Kroll's enrollment website before the activation deadline.