California Dental Care Provider; Childcare Referral Agency Announce Data Breaches
Data breaches have been reported by two entities in California – Tieu Dental Corporation has announced a July 2025 hacking-related data breach affecting an as of yet undisclosed number of individuals. The Children’s Council of San Francisco has determined that more than 12,650 individuals have been affected by an August 2025 ransomware attack.
Tieu Dental Corporation Announces July 2025 Data Breach
Tieu Dental Corporation, a California-based provider of oral and maxillofacial surgery services, has started notifying patients about unauthorized access to its computer network last summer. The intrusion was identified on or around July 29, 2025, and the forensic investigation confirmed that an unauthorized third party accessed its network between July 28 and July 29, 2025.
The compromised parts of its network were reviewed, and on January 11, 2026, Tieu Dental confirmed that the compromised files included patient data such as names, dates of birth, Social Security numbers, medical records, treatment plans, prescription information, and health insurance information. Tieu Dental has not identified any misuse of patient data as a result of the incident; however, out of an abundance of caution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. No known threat group has publicly claimed responsibility for the incident. The HHS’ Office for Civil Rights breach portal indicates that 8,918 individuals have been affected.
Children’s Council of San Francisco Announces August 2025 Ransomware Attack
Children’s Council of San Francisco (CCSF), a nonprofit childcare resource and referral agency, has notified regulators about a data breach impacting 12,655 individuals. CCSF identified a security breach on August 3, 2025, that caused network disruption. Assisted by third-party cybersecurity experts, CCSF secured its network, investigated the incident, and determined that an unknown hacker gained access to its network on August 1, 2025, and acquired certain data. The SafePay ransomware group claimed responsibility for the attack.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The file review was completed on or around February 23, 2026, when it was confirmed that names and Social Security numbers were present in the acquired files. Notification letters were mailed to the affected individuals on March 2, 2026, and complimentary single-bureau credit monitoring and identity theft protection services have been offered. CCSF notified the Federal Bureau of Investigation about the incident and has implemented measures to harden security and reduce the risk of similar incidents in the future.
