First Advantage Corporation Data Breach Exposes SSNs and Driver's Licenses
First Advantage Corporation, a global background screening company, experienced a cybersecurity incident in November 2025. An unauthorized actor gained access to a single employee's email inbox within its Drug & Occupational Health Screening Unit through a sophisticated phishing attack. The attacker downloaded the contents of the inbox, potentially exposing sensitive personal information for 4,669 individuals. This data included names, Social Security numbers, driver's license numbers, email addresses, and passwords to Profile Advantage accounts. First Advantage began notifying affected individuals on or about May 29, 2026.
Signal context
First seen: May 29, 2026
Last updated: Jun 24, 2026
Status: Public signal
Key points
- Cybersecurity incident in November 2025, discovered November 17, 2025.
- Phishing attack compromised an employee's email inbox.
- Unauthorized actor downloaded email inbox contents.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Health Care and Social Assistance
Likely country: Location not provided
The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.
- Source type: outside the affected organization
- Source type: possible insider or internal misuse
Impact area: Confidentiality
Likely asset: User or customer data
- 6 signals in the same sector
- 90 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Related signals
Grouped by why the signal is relevant.
Healthcare AI Company Xsolis Suffers Data Breach Impacting 1.4 Million Individuals
Healthcare AI company Xsolis disclosed a data breach affecting nearly 1.4 million individuals. The incident stemmed from a targeted phishing attack on January 20, 2026, which gave attackers unauthorized access to files containing sensitive patient information. The compromised data potentially includes names, dates of birth, Social Security numbers, health insurance details, and medical treatment records. Xsolis confirmed the incident has been contained and is notifying affected individuals, offering free credit monitoring.
Huntsville Hospital Health System Notifies Patients of Data Exposure from Cerner Breach
Huntsville Hospital Health System informed patients on June 26, 2026, about a data exposure stemming from a 2025 breach on Cerner's (now Oracle Health) legacy systems. The breach, which occurred on January 22, 2025, exposed personal and medical information. Cerner had notified its healthcare clients, including Huntsville Hospital, on August 12, 2025, but patient notification was delayed at the request of law enforcement.
ACLA Data Breach Exposes Social Security Numbers and Medical Information
Anatomic and Clinical Laboratory Associates P.C. (ACLA) disclosed a data breach involving unauthorized access to its computer network. The breach, discovered in December 2025, exposed personally identifiable information (names, dates of birth, Social Security numbers, taxpayer identification numbers) and protected health information (medical dates of service, diagnoses, medical history) for 69 Massachusetts residents.
Kentucky Mountain Health Alliance Discloses Data Breach Affecting SSNs and Medical Records
Kentucky Mountain Health Alliance Inc., a nonprofit health center, disclosed a data breach to the Massachusetts Office of Consumer Affairs and Business Regulation on June 19, 2026. The incident involved unauthorized access to patient data, some of which was copied. The exposed information included driver's licenses, medical records, and Social Security numbers. The specific method of attack, dates of the incident, or discovery date remain unknown. The organization is offering affected individuals a free, two-year membership to identity monitoring services.
Horizon Family Medical Group Data Breach
Reports emerged on June 18, 2026, of a possible data breach at Horizon Family Medical Group, a medical provider in New York's Hudson Valley region. Threat actor Incransom claimed to have stolen 7 TB of data, including medical information such as diagnoses, prescriptions, treatments, and lab results.
Sand Hills Medical Foundation Hit by Inc Ransomware, Patient Data Leaked
Sand Hills Medical Foundation in South Carolina was impacted by the Inc ransomware group, which claimed responsibility and leaked stolen data on June 15, 2026. Approximately 169,000 patients were affected, with exposed data including Protected Health Information (PHI), Social Security numbers, driver's licenses, and passports.