DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Texas Health and Human Services Commission Notifies Additional Individuals Regarding Insider Wrongdoing Breach

Posted on May 1, 2025 by Dissent

There’s an update to an insider data breach previously announced in January 2025. Yesterday’s announcement brings the new total affected to almost 95,000 people. 

April 30, 2025. AUSTIN – The Texas Health and Human Services Commission is notifying an additional 33,529 recipients of agency services and other affected individuals that their protected health, personal identifying or sensitive personal information may have been inappropriately accessed, used or disclosed.

As a result of an internal review, HHSC identified additional individuals impacted by the privacy breach previously announced on Jan. 17, 2025. HHSC terminated the employees involved and referred the incident to the Texas Health and Human Services Office of Inspector General (OIG) for investigation and coordination with prosecutor offices to pursue criminal charges.

HHSC recommends that affected individuals carefully review their accounts and health care provider, insurance company and financial institution statements to make sure their account activity is correct. Report any questionable charges promptly to the provider or company and contact law enforcement.

HHSC advises Supplemental Nutrition Assistance Program (SNAP) recipients to check their Lone Star Card transactions for potential fraudulent activity at YourTexasBenefits.com or through the Your Texas Benefits mobile app. Recipients who believe they may have been a victim of SNAP fraud should call 2-1-1, select a language, and choose option 3 to report the fraud to the OIG. They should also contact law enforcement to report the fraud and visit a local HHSC benefits office to have their benefits replaced.

The data that may have been inappropriately accessed, used or disclosed were not the same for everyone. HHSC has determined full names, home addresses, telephone numbers, dates of birth, email addresses, Social Security numbers, Medicaid and Medicare identification numbers, financial, employment, banking, benefits, health, insurance, medical, certificate, license and other personal information may have been inappropriately accessed between June 2021 and January 2025. Affected individuals can read the Privacy Breach Substitute Notice and FAQ (PDF).

HHSC is offering two years of free credit monitoring and identity theft protection services to those affected by the breach. Individuals affected by the breach will be notified via first-class mail no later than April 30. They can also call 866-362-1773, toll-free, Monday through Friday from 8 a.m. to 8 p.m. Central time (excluding major U.S. holidays). When calling, use the engagement number B139792.

After receiving notification on Nov. 21, 2024, HHSC confirmed the privacy incident on Dec. 5, 2024. Through further review, the agency connected the incident to employee misconduct first identified on July 9, 2024.

To date, HHSC has terminated nine employees and identified at least 94,000 individuals who may have been impacted by the privacy breach.

HHSC is strengthening internal security controls and working to implement additional fraud prevention measures, including enhanced monitoring and alerts to detect suspicious activity. HHSC understands the impact this privacy breach may have, and is committed to protecting the confidential information of those we serve.

Source: Texas Health and Human Services Commission

Category: Government SectorHealth DataInsider

Post navigation

← Cybersecurity experts investigating “suspicious activity” in Iowa County network
Barnstable County Sheriff’s Office Employee On Leave, Suspected In Data Breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach
  • ‘Deep concern’ for domestic abuse survivors as cybercriminals expected to publish confidential abuse survivors’ addresses
  • Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms
  • Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • Privilege Under Fire: Protecting Forensic Reports in the Wake of a Data Breach
  • Hacker who breached communications app used by Trump aide stole data from across US government
  • Massachusetts hacker to plead guilty to PowerSchool data breach (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.