Two organizations in California—a dental care provider and a nonprofit childcare agency—have disclosed separate data breaches that exposed sensitive personal information of thousands of individuals.
Tieu Dental Corporation, which provides oral and maxillofacial surgery services, began notifying patients last summer after detecting unauthorized access to its network. The intrusion occurred between July 28 and July 29, 2025, and was identified on July 29.
Following a forensic investigation, the company confirmed on January 11, 2026, that compromised files contained sensitive patient data. This included names, dates of birth, Social Security numbers, medical records, treatment plans, prescription details, and health insurance information.
Tieu Dental stated that it has found no evidence of misuse of the stolen data. However, affected individuals have been offered complimentary credit monitoring and identity theft protection services as a precaution.
The number of impacted individuals has not yet been disclosed, and the incident does not currently appear on the U.S. Department of Health and Human Services’ Office for Civil Rights breach portal. No threat group has claimed responsibility.
In a separate incident, the Children’s Council of San Francisco (CCSF), a nonprofit childcare resource and referral agency, reported a ransomware attack affecting 12,655 individuals.
CCSF detected the breach on August 3, 2025, after experiencing network disruptions. An investigation with external cybersecurity experts determined that an unauthorized actor accessed its systems on August 1, 2025, and exfiltrated certain files. The SafePay ransomware group has claimed responsibility.
The organization completed its file review on February 23, 2026, confirming that exposed data included names and Social Security numbers. Notification letters were sent to affected individuals on March 2.
CCSF has reported the incident to the Federal Bureau of Investigation and has taken steps to strengthen its cybersecurity defenses. Like Tieu Dental, the nonprofit is offering affected individuals free credit monitoring and identity protection services.
Both incidents highlight ongoing cybersecurity risks facing healthcare providers and nonprofit organizations handling sensitive personal data.