Back to news
Cybersecurity Alert
July 6, 2026 by EmailMeNow IT Consulting

Was NLACRC Breached? We Scanned Their Domain Security

North Los Angeles County Regional Center filed a November 2024 ransomware breach with the California AG on June 30, 2026 — a 19-month reporting gap. SSNs, medical records, and photos were copied. nlacrc.org audits at 66% with 45% transport security.

Source: California Attorney General · ClassAction.org

NewsData BreachRansomwareCaliforniaHealthcareCybersecurity
North Los Angeles County Regional Center ransomware breach affecting developmental disabilities clients

Yes — North Los Angeles County Regional Center (NLACRC) experienced a ransomware incident in November 2024 that copied sensitive client information before encrypting systems. This incident is part of our California AG June 30, 2026 breach roundup.

Although affected individuals were notified in late 2024, NLACRC did not appear on the California Attorney General breach list until June 30, 2026 — with a listed breach date of November 20, 2024.

NLACRC serves individuals with developmental disabilities across the San Fernando, Santa Clarita, and Antelope valleys. The California AG notice letter template and reporting from ClassAction.org describe a double-extortion pattern: data copied first, then systems encrypted.

We scanned nlacrc.org to assess email and domain security posture relevant to this incident and follow-on impersonation risk for vulnerable clients and families.

What Happened

According to NLACRC’s notice and Healthcare Facilities Today:

  • November 20 – December 1, 2024 — Unauthorized actor accessed NLACRC systems and copied information before encrypting certain systems.
  • November 28, 2024 — Suspicious activity discovered; federal law enforcement and cybersecurity firms engaged.
  • December 31, 2024 — Personalized notification letters mailed to affected individuals.
  • June 30, 2026 — Incident listed on the California AG public breach portal.

The 19-month gap between the November 2024 intrusion and June 2026 AG listing highlights how California’s public index can lag individual notification timelines — even for regional centers serving highly vulnerable populations.

Breach Impact at a Glance

FieldDetail
OrganizationNorth Los Angeles County Regional Center (NLACRC)
SectorDevelopmental disabilities / regional center services
Breach windowNov 20 – Dec 1, 2024
DiscoveryNov 28, 2024
Client letters mailedDec 31, 2024
CA AG listedJune 30, 2026
Attack typeRansomware (copy + encrypt)
Credit monitoring12 months offered

Data at Risk

Potentially exposed information varies by individual but may include:

  • Names, addresses, dates of birth, phone numbers, email
  • Social Security numbers
  • Financial account and payment card information
  • Health insurance information and medical records — diagnoses, medications, lab results, treatment data
  • Full-face photographs and patient ID numbers

Because NLACRC clients often have developmental disabilities, identity theft and medical fraud can be especially harmful when caregivers must monitor accounts on a dependent’s behalf.

Illustration: regional center client SSN medical records and photos exposed in ransomware breach

Regulatory Context

RequirementDetail
California AG filingListed June 30, 2026 (breach date Nov 20, 2024)
Client notificationLetters mailed Dec 31, 2024
Law enforcementFederal agencies notified November 2024
Identity theft observedNone reported at time of initial notice

NLACRC was one of four organizations added to the California AG list on June 30, 2026.

Independent Cybersecurity Audit

We ran an EmailMeNow Cybersecurity Audit of nlacrc.org on July 6, 2026:

DomainOverallIdentityTransportWebsiteRisk
nlacrc.org66%75%45%45%Above Average

Key findings:

  • 66% overall (Above Average) — better than many regional agencies, but still below the 100% ideal for organizations handling SSNs, medical records, and client photos.
  • 75% Identity & Spoofing — partial-to-strong DMARC posture; room to reach full reject-mode enforcement for spoofed @nlacrc.org caregiver phishing.
  • 45% Transport Security — MTA-STS/TLS-RPT gaps leave mail-path downgrade risk during breach-notification season.
  • 45% Website Security — public web hardening lags email identity scores.
  • 100% Email Infrastructure — mail routes through Microsoft 365 / Exchange.

Illustration: nlacrc.org email security audit showing transport and website gaps for regional center

Weak transport and website controls do not cause ransomware by themselves, but they amplify harm when families receive legitimate breach letters alongside spoofed credit-monitoring phishing.

Audit link: nlacrc.org audit

Priority Actions

If you or a family member received an NLACRC notice:

  • Enroll in official credit monitoring only through instructions in your letter.
  • Guardians should monitor medical billing, Medi-Cal statements, and financial accounts on behalf of dependents.
  • Report suspicious calls impersonating NLACRC case managers.

For regional centers and disability services providers:

  • Enforce phishing-resistant MFA on case-management, billing, and email admin accounts.
  • Deploy DMARC p=reject and MTA-STS mode=enforce before the next ransomware listing.
  • Segment client PHI from corporate email; test offline backups against encrypt-and-exfiltrate playbooks.
  • File AG notices promptly — long public-listing gaps erode trust with vulnerable communities.

Protect client PHI and caregiver correspondence.

Run a free Instant Cybersecurity Audit at audit.emailmenow.com or contact EmailMeNow IT Consulting for DMARC enforcement, MTA-STS deployment, and incident response planning.


Sources: California AG — NLACRC notice letter (PDF) · California AG — Data Breach List · ClassAction.org — NLACRC breach · Healthcare Facilities Today — NLACRC ransomware · EmailMeNow audit — nlacrc.org