
American Addiction Centers Breach
Sep 23, 2024
528,343 rows
What happened in the American Addiction Centers Breach?
DataBreach.com Team · September 16th 2025, 8:00 pm EDT
In late 2024, American Addiction Centers (AAC), a prominent network of rehabilitation facilities, disclosed a significant data breach that exposed the personal and sensitive information of over 422,000 individuals. The breach, which occurred in September 2024, was the result of a ransomware attack by the Rhysida cybercriminal group. The compromised data was extensive, including patient names, Social Security numbers, dates of birth, medical record numbers, and health insurance information. Following the attack, Rhysida claimed to have exfiltrated 2.8 terabytes of data and subsequently published it online. AAC began notifying affected individuals in December 2024 and offered them credit monitoring services. The incident has led to multiple class-action lawsuits filed against the organization, alleging negligence in safeguarding patient data.










