Impact & Downstream Threats
This breach carries critical risk due to the nature of exposed data fields and the scale of affected records.
- Identity theft and synthetic identity construction using government-issued IDs
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
- Medical identity fraud or insurance abuse using health data
Breach Intelligence
Executive Summary
In late 2024, American Addiction Centers (AAC), a prominent network of rehabilitation facilities, disclosed a significant data breach that exposed the personal and sensitive information of over 422,000 individuals. The breach, which occurred in September 2024, was the result of a ransomware attack by the Rhysida cybercriminal group. The compromised data was extensive, including patient names, Social Security numbers, dates of birth, medical record numbers, and health insurance information. Following the attack, Rhysida claimed to have exfiltrated 2.8 terabytes of data and subsequently published it online. AAC began notifying affected individuals in December 2024 and offered them credit monitoring services. The incident has led to multiple class-action lawsuits filed against the organization, alleging negligence in safeguarding patient data. ,
,
,
,
About American Addiction Centers
Addiction treatment provider operating rehab and recovery programs.
Data Points Exposed
Dark Web Verification
Status: Confirmed
- Dataset containing approximately 528K records identified in breach intelligence sources.
- The data is indexed and searchable across breach notification platforms.
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Non-clients may request a breach impact review.
Frequently Asked Questions
In September 2024, American Addiction Centers experienced a data breach that exposed approximately 528K records containing personal information.
The exposed data includes fields such as email address, medical diagnosis, phone number, physical address:home, ssn.
Approximately 528K records were affected based on current breach intelligence.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of American Addiction Centers
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam