Spindletop Center 2025 Data Breach

Spindletop Center (TX) Mental Health & IDD Services Breach (2025): 89K Patient Records Including SSN, Driver's License & Diagnoses Exposed via Rhysida | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

RhysidaRansomware / ExtortionMedicalMental HealthCase NumberDriver's LicenseEmail AddressFull NameMedical DiagnosisPhone Number
High SeverityWebsite / service breach

Spindletop Center (TX) Mental Health & IDD Services Breach (2025): 89K Patient Records Including SSN, Driver's License & Diagnoses Exposed via Rhysida

Community mental health and developmental disability services provider.

Verified by ObscureIQ Intelligence
86/100Breach Risk Index
57Data Value
40Market Recency
243dSince Breach

Breach Intelligence Summary

Entity: Spindletop Center · Actor: Rhysida · Sources: 2 references
Attack: Ransomware / Extortion
Profile: Healthcare provider · Behavioral health and support services · Community care provider · USA
Timeline: Breach (2025-09-23) · Year (2025)
Exposure: 89K records · 8 fields: Case Number, Driver's License, Email Address, Full Name, Medical Diagnosis, Phone Number, Physical Address, Social Security Number
Status: Confirmed

Executive Summary

Spindletop Center, a Beaumont, Texas community mental-health and intellectual/developmental-disability provider (the local mental-health authority for its region), suffered a cyberattack around September 23-29, 2025 that rendered systems temporarily inoperable. The Rhysida ransomware group claimed responsibility on October 30, 2025, demanding ~15 BTC (~$1.65M). Spindletop reported 88,863 individuals affected to HHS. Exposed data included names, Social Security numbers, driver's license/government ID numbers, diagnosis information, and case numbers. (NOTE: prior record listed 217,644 affected and omitted medical/diagnosis; corrected to 88,863 with diagnosis and driver's license added.) 42 CFR Part 2 may apply where substance-use records are involved.

ObscureIQ assessment: Extremely sensitive. Risks include identity theft, medical fraud, stigma-based targeting, extortion, and privacy harms tied to mental health or support-service status.

Breach Impact

Because appearing in Spindletop's records signals a mental-health, developmental-disability, or substance-use service relationship, exposure carries acute stigma, discrimination, and coercion risk on top of identity-theft harm from Social Security numbers and driver's licenses. Diagnosis information and case numbers deepen the privacy harm for a vulnerable population, and disclosure of disability status itself creates discrimination risk.

About Spindletop Center

Spindletop Center is a community mental-health and intellectual/developmental-disability (IDD) services provider based in Beaumont, Texas, serving as the local mental-health authority for Jefferson, Hardin, and Orange counties. It provides mental-health treatment, IDD services, substance-use programs, and crisis/community support, maintaining highly sensitive clinical, case-management, and identity records.

Why They Hold Your Data

Behavioral health and support-service providers collect highly sensitive patient identity, treatment, counseling, insurance, and social-service records tied to mental health and community care.

Recent Developments

Spindletop Center was hit by a cyberattack around September 23-29, 2025 that rendered systems temporarily inoperable. The Rhysida ransomware group claimed responsibility on October 30, 2025, demanding roughly 15 bitcoin (~$1.65M) and threatening to publish. Spindletop reported 88,863 individuals affected to HHS, and its investigation concluded on December 3, 2025; class-action investigations followed.

Data Points Exposed

8 verified field types
Case Number
Driver's License Critical
Email Address
Full Name High
Medical Diagnosis Critical
Phone Number
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Stigma-based targeting and coercion tied to mental-health, developmental-disability, or substance-use service status
  • Identity theft and synthetic identity construction using SSN and driver's license
  • Medical identity fraud and insurance abuse using diagnosis data
  • Discrimination risk from disclosure of disability/behavioral-health status
  • Targeted phishing and vishing; doxxing from exposed home addresses
Threat vectors:
  • Stigma-based targeting & coercion
  • Full identity theft & synthetic identity fraud
  • Medical extortion, insurance fraud & discrimination
  • Identity fraud with official bodies
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Home targeting, stalking & physical threat

Threat Actor: Rhysida

Rhysida
Ransomware / Extortion

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Spindletop Center breach?

Spindletop Center, a Beaumont, Texas community mental-health and intellectual/developmental-disability provider (the local mental-health authority for its region), suffered a cyberattack around September 23-29, 2025 that rendered systems temporarily inoperable. The Rhysida ransomware group claimed…

What data was exposed?

Verified fields include Case Number, Driver's License, Email Address, Full Name, Medical Diagnosis, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation