California Cryobank, the Largest US Sperm Bank, Disclosed a Data Breach Exposing Customer Information

California Cryobank (CCB), the largest sperm bank in the United States, has disclosed a data breach that exposed customer information. As one of the leading providers of frozen donor sperm and reproductive services, including egg and embryo storage, CCB operates in all 50 states and over 30 countries worldwide, helping individuals and couples with fertility treatments.

The company revealed the breach on [date], stating that it was discovered on April 21, 2024, when unauthorized activity was detected on its IT systems. In response, CCB promptly isolated the affected systems and launched an investigation to determine the extent of the breach. The investigation found that an unauthorized party gained access to certain computer systems between April 20, 2024, and April 22, 2024.

As a precautionary measure, CCB conducted a thorough review of potentially compromised files. However, the company did not disclose technical details about the attack, leaving many questions unanswered. It is unclear how the breach occurred or whether the data was accessed before it was isolated on April 21, 2024.

The notification letter shared with the Maine Attorney General revealed that an unauthorized party potentially accessed and/or acquired customers' personal information, including:

  • Names
  • Social Security numbers
  • Driver's license numbers
  • Financial account numbers
  • Health insurance information

It is unclear whether the exposed information includes any donor data. To mitigate this risk, CCB has started sending mail notification letters to affected individuals, offering a free one-year credit monitoring service through CyberScout. Additionally, the company has set up a toll-free call center for inquiries and implemented enhanced security measures to prevent future incidents.

"As a precaution, we are offering you a complimentary twelve (12) months membership to identity protection services through TransUnion," reads the notification letter. "The services include access to Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score services at no charge. These services provide you with alerts for twelve months from the date of enrollment when changes occur to any of your Experian, Equifax or TransUnion credit files."

"In addition, we are providing you with proactive fraud assistance to help with any questions that you might have or in the event that you become a victim of fraud," concludes the notification letter. This incident highlights the importance of data security and the need for companies to prioritize protecting sensitive customer information.