Bureau Home / Identity Theft / Data Breaches
Listed below are data breaches which were either reported to DATCP, or have been identified as affecting Wisconsin consumers, within this calendar year. Information is gathered on each breach and posted to this page in order to inform consumers of any services or resources that are being offered. To find details on past data breaches (2012-2023), refer to DATCP's
data breach archive.
If you are concerned about being or becoming a victim of identity theft as a result of a data breach, contact the Bureau of Consumer Protection at (800) 422-7128 or DATCPHotline@wisconsin.gov.
January 2024
Company Name: Navvis & Company
Date of Incident: Between July 12 and July 25, 2023
Date Public Notified: Rolling notices beginning September 22, 2023
Data Accessed: Names, account numbers, birthdates, diagnoses/clinical information, health insurance policy numbers, medical date of service, medical provider names, medical treatment/procedure information, and patient account numbers.
Who is Affected: Patients
Number of Individuals Affected: Unknown
Number of Wisconsin Residents Affected: 316,043
Who and how to contact if consumers have questions or need additional information: Credit monitoring for 12 months through IDX is being offered. Call (1-888) 996-4022 or visit the IDX website.
December 2023
Company Name: Advarra, Inc.
Date of Incident: October 25, 2023
Date Public Notified: Advarra informally notified all employees on November 1, 2023, and subsequently notified former employees. The formal notification process is ongoing.
Data Accessed: Names, Social Security numbers, employee numbers, employment statuses, street addresses, cities, zip codes, phone numbers, and salary information
Who is Affected: All current employees and an unknown number of former employees. The company is still reviewing the data affected.
Number of Individuals Affected: 1,765 US individuals identified to date (12/4/2023)
Number of Wisconsin Residents Affected: 278 individuals identified to date (12/4/2023)
Who and how to contact if consumers have questions or need additional information: Credit monitoring is offered through Kroll. Advarra is in the process of setting up a call center; individuals affected by the incident will receive this phone number in their formal notification.
September 2023
Company Name: Medica Community Health; Dean Health Plan; & Dean Health Service Company (branded as WellFirst Health)
Date of Incident: March 10, 2023
Date Public Notified: July 21, 2023
Data Accessed: Full names, addresses, dates of birth, email addresses, claims information (date, cost of services, and claims identifiers), health insurance identification numbers, healthcare providers, medical record numbers, and Social Security numbers
Who is Affected: Customers of Medica Community Health Plan; Dean Health Plan; and Dean Health Service Company (branded as WellFirst Health)
Number of Individuals Affected: Unknown
Number of Wisconsin Residents Affected: 540 total customers (9 Medica Community Health Plan customers, 350 Dean Health Plan, Inc. customers, 181 customers of Dean Health Service Company, LLC, branded as WellFirst Health)
Who and how to contact if consumers have questions or need additional information: Credit monitoring is available. Medica Community Health Plan members should call (800) 952-3455. Dean Health Plan, Inc. members should call (877) 234-4516 (TTY: 711). Dean Health Service Company members should call (866) 514-4194 (TTY: 711).
Company Name: Progress Software, Ipswitch, Inc. (MOVEit)
Date of Incident: May 27-31, 2023
Date Public Notified: Varies by each business affected
Data Accessed: Names, Social Security numbers, addresses, dates of b
rth
Who is Affected: Approximately 1,100 business customers. DATCP does not have a list of all affected businesses, but the following businesses have informed DATCP they were impacted by this breach:
Number of Individuals Affected:
Approximately 60 million
Number of Wisconsin Residents Affected: Unknown
Who and how to contact if consumers have questions or need additional information: Consumers may follow the instructions on the notification letter they received for information on where to direct questions and how to sign up for any credit monitoring that may be available.
Company Name: HCA Healthcare
Date of Incident: On, or prior to, July 5, 2023
Date Public Notified: July 10, 2023
Data Accessed: Patient names; city, state, and zip codes; email addresses; telephone numbers; dates of birth; genders; service dates; appointment locations; and next appointment dates
Who is Affected: Current patients
Number of Individuals Affected: 11 million
Number of Wisconsin Residents Affected: 4,600
Who and how to contact if consumers have questions or need additional information: Credit monitoring is available. A call center can be contacted at (1-888) 993-0010.
June 2023
Company Name: University of Illinois
Date of Incident: March 21, 2023
Date Public Notified:
May 2, 2023
Data Accessed: Names and physical mailing addresses
Who is Affected: Potential study participants
Number of Individuals Affected: 225
Number of Wisconsin Residents Affected: 1
Who and how to contact if consumers have questions or need additional information: Affected participants were asked to destroy information sent to them in error. Questions may be directed to Melissa Dzado-Swanson (dzadoswa@uic.edu) of the University of Illinois.
May 2023
Company Name: Fortra
Date of Incident: January 30, 2023
Date Public Notified: April 7, 2023
Data Accessed: Names, addresses, dates of birth, member ID numbers, dates of health plan coverage, employer names, Social Security numbers
Who is Affected: Brightline customers
Number of Individuals Affected: Unknown
Number of Wisconsin Residents Affected: 21
Who and how to contact if consumers have questions or need additional information: Credit monitoring available. For more information, call (248) 593-2952.
April 2023
Company Name: Chippewa County Human Services
Date of Incident: February 28, 2023
Date Public Notified: April 5, 2023
Data Accessed: Medical history numbers, client names, prescription information, progress notes
Who is Affected: Chippewa County Human Services clients
Number of Individuals Affected: 842
Number of Wisconsin Residents Affected: 842
Who and how to contact if consumers have questions or need additional information: Toni Hohlfelder at (715) 726-7970.
March 2023
Company Name: New Glarus School District
Date of Incident: July 1, 2022
Date Public Notified: March 8, 2023
Data Accessed: Names, Social Security Numbers, driver licenses/state IDs, health insurance information, healthcare information, financial account numbers
Who is Affected: Current and former employees, students
Number of Individuals Affected: 2,166
Number of Wisconsin Residents Affected: 2,003
Who and how to contact if consumers have questions or need additional information: Credit monitoring available. Call center is reachable at (1-833) 570-2949.
Company Name: Fortra
Date of Incident: January 28-30, 2023
Date Public Notified: March 6, 2023
Data Accessed: Names, addresses, medical billing and insurance information, certain medical information such as diagnoses and medication, Social Security Numbers, and demographic information such as dates of birth.
Who is Affected: Patients, some employees, and others
Number of Individuals Affected: Unknown
Number of Wisconsin Residents Affected: Unknown
Who and how to contact if consumers have any questions or need additional information: CHSPSC is making identity restoration and credit monitoring services available for 24 months through Experian. Affected individuals can call (1-800) 906-7947. The deadline to enroll is June 30, 2023.
January 2023
Company Name: T-Mobile
Date of Incident:
November 25, 2022
Date Public Notified: January 19, 2023
Data Accessed: Names, billing addresses, e-mail addresses, phone numbers, birth dates, T-Mobile account numbers, and type of service customers receive.
Who is Affected: Current customers
Number of Individuals Affected: 37 million
Number of Wisconsin Residents Affected: Unknown
Who and how to contact if consumers have any questions or need additional information: T-Mobile is offering 24 months of McAfee computer security services. Customers can call (1-800) 937-8997 to learn more or sign up.