Yes — North Los Angeles County Regional Center (NLACRC) experienced a ransomware incident in November 2024 that copied sensitive client information before encrypting systems. This incident is part of our California AG June 30, 2026 breach roundup.
Although affected individuals were notified in late 2024, NLACRC did not appear on the California Attorney General breach list until June 30, 2026 — with a listed breach date of November 20, 2024.
NLACRC serves individuals with developmental disabilities across the San Fernando, Santa Clarita, and Antelope valleys. The California AG notice letter template and reporting from ClassAction.org describe a double-extortion pattern: data copied first, then systems encrypted.
We scanned nlacrc.org to assess email and domain security posture relevant to this incident and follow-on impersonation risk for vulnerable clients and families.
What Happened
According to NLACRC’s notice and Healthcare Facilities Today:
- November 20 – December 1, 2024 — Unauthorized actor accessed NLACRC systems and copied information before encrypting certain systems.
- November 28, 2024 — Suspicious activity discovered; federal law enforcement and cybersecurity firms engaged.
- December 31, 2024 — Personalized notification letters mailed to affected individuals.
- June 30, 2026 — Incident listed on the California AG public breach portal.
The 19-month gap between the November 2024 intrusion and June 2026 AG listing highlights how California’s public index can lag individual notification timelines — even for regional centers serving highly vulnerable populations.
Breach Impact at a Glance
| Field | Detail |
|---|---|
| Organization | North Los Angeles County Regional Center (NLACRC) |
| Sector | Developmental disabilities / regional center services |
| Breach window | Nov 20 – Dec 1, 2024 |
| Discovery | Nov 28, 2024 |
| Client letters mailed | Dec 31, 2024 |
| CA AG listed | June 30, 2026 |
| Attack type | Ransomware (copy + encrypt) |
| Credit monitoring | 12 months offered |
Data at Risk
Potentially exposed information varies by individual but may include:
- Names, addresses, dates of birth, phone numbers, email
- Social Security numbers
- Financial account and payment card information
- Health insurance information and medical records — diagnoses, medications, lab results, treatment data
- Full-face photographs and patient ID numbers
Because NLACRC clients often have developmental disabilities, identity theft and medical fraud can be especially harmful when caregivers must monitor accounts on a dependent’s behalf.

Regulatory Context
| Requirement | Detail |
|---|---|
| California AG filing | Listed June 30, 2026 (breach date Nov 20, 2024) |
| Client notification | Letters mailed Dec 31, 2024 |
| Law enforcement | Federal agencies notified November 2024 |
| Identity theft observed | None reported at time of initial notice |
NLACRC was one of four organizations added to the California AG list on June 30, 2026.
Independent Cybersecurity Audit
We ran an EmailMeNow Cybersecurity Audit of nlacrc.org on July 6, 2026:
| Domain | Overall | Identity | Transport | Website | Risk |
|---|---|---|---|---|---|
| nlacrc.org | 66% | 75% | 45% | 45% | Above Average |
Key findings:
- 66% overall (Above Average) — better than many regional agencies, but still below the 100% ideal for organizations handling SSNs, medical records, and client photos.
- 75% Identity & Spoofing — partial-to-strong DMARC posture; room to reach full reject-mode enforcement for spoofed
@nlacrc.orgcaregiver phishing. - 45% Transport Security — MTA-STS/TLS-RPT gaps leave mail-path downgrade risk during breach-notification season.
- 45% Website Security — public web hardening lags email identity scores.
- 100% Email Infrastructure — mail routes through Microsoft 365 / Exchange.

Weak transport and website controls do not cause ransomware by themselves, but they amplify harm when families receive legitimate breach letters alongside spoofed credit-monitoring phishing.
Audit link: nlacrc.org audit
Priority Actions
If you or a family member received an NLACRC notice:
- Enroll in official credit monitoring only through instructions in your letter.
- Guardians should monitor medical billing, Medi-Cal statements, and financial accounts on behalf of dependents.
- Report suspicious calls impersonating NLACRC case managers.
For regional centers and disability services providers:
- Enforce phishing-resistant MFA on case-management, billing, and email admin accounts.
- Deploy DMARC
p=rejectand MTA-STSmode=enforcebefore the next ransomware listing. - Segment client PHI from corporate email; test offline backups against encrypt-and-exfiltrate playbooks.
- File AG notices promptly — long public-listing gaps erode trust with vulnerable communities.
Related Trackers
- California AG June 30 roundup
- California AG breach tracker
- Healthcare AG breach tracker
- Ransomware threat landscape
- All state AG trackers
Protect client PHI and caregiver correspondence.
Run a free Instant Cybersecurity Audit at audit.emailmenow.com or contact EmailMeNow IT Consulting for DMARC enforcement, MTA-STS deployment, and incident response planning.
Sources: California AG — NLACRC notice letter (PDF) · California AG — Data Breach List · ClassAction.org — NLACRC breach · Healthcare Facilities Today — NLACRC ransomware · EmailMeNow audit — nlacrc.org