American Addiction Centers (AAC) has announced that nearly half a million individuals had their personal and health-related information exposed following a cyberattack in September 2024. The American Addiction Centers cyberattack, which compromised sensitive data such as Social Security numbers and health insurance information, affected a total of 422,424 individuals.
As the year came to a close, the company began notifying those impacted, sending out the American Addiction Centers cyberattack notification letters just before the Christmas holiday.
According to a letter dated December 23, 2024, AAC outlined the details of the incident and the steps taken in response to the breach. The letter, sent to those whose data was compromised, stated that the breach took place between September 23 and September 26, 2024.
Upon discovery of the American Addiction Centers cyberattack on September 26, AAC immediately launched an investigation, engaged third-party cybersecurity experts, and notified law enforcement. By October 3, the investigation confirmed that unauthorized individuals had accessed and stolen data during this time frame.
Details of the American Addiction Centers Cyberattack
The compromised data in American Addiction Centers cyberattack included personal information such as names, addresses, phone numbers, dates of birth, Social Security numbers, and health insurance details.
However, the American Addiction Centers cyberattack did not expose treatment information or payment card data, which the company confirmed remained secure. The American Addiction Centers data breach was classified as a hacking incident, and despite the extent of the information taken, AAC stated that there was currently no evidence linking the cyberattack to identity theft or fraud.
In its notification, AAC reassured those affected that it took immediate action to mitigate the situation. We are committed to protecting your personal information and have implemented additional security measures to prevent such incidents in the future,” the letter read. Furthermore, the company has offered those impacted complimentary credit monitoring services for a period of 12 months to help mitigate the risk of identity theft.
Measures Taken to Address the Cyberattack on American Addiction Centers
Following the breach, AAC began working with leading cybersecurity professionals to fortify its systems. The company implemented enhanced security protocols and continues to review and update its cybersecurity measures to better protect personal data moving forward. AAC also emphasized its commitment to transparency, providing a dedicated hotline and offering free identity protection services through Cyberscout, a TransUnion company, to those affected.
These services include alerts on credit report changes, monitoring for suspicious activity, and proactive fraud assistance. Individuals impacted by the cyberattack on American Addiction Centers are encouraged to enroll in these services by March 31, 2025, to ensure their data remains protected.
An Ongoing Investigation and the Potential Impact on Victims
Despite the extensive breach, AAC has assured the public that there is currently no evidence linking the exposed data to any incidents of identity theft or fraud. However, the company urged affected individuals to remain vigilant, regularly monitor their credit reports, and report any unusual activity to their financial institutions. In addition, the notification provides detailed guidance on how individuals can protect themselves, including instructions for placing fraud alerts and security freezes on credit reports.
For those affected by the cyberattack on American Addiction Centers, further information and support can be accessed through the company’s dedicated toll-free hotline, which is available Monday through Friday, from 8:00 a.m. to 8:00 p.m. Eastern Time.
“We regret that this incident occurred and the concern it may have caused,” AAC stated in its notification. We take the confidentiality and security of personal information very seriously and will continue to take steps to prevent a similar incident from occurring in the future.”
As the investigation continues, individuals affected by the breach are urged to monitor their financial accounts and enroll in the identity protection services offered by AAC. For further information on how to protect against identity theft or to inquire about the American Addiction Centers cyberattack, individuals can contact AAC’s dedicated call center at 1-833-833-2770.
