Southern California Univ. Health Sciences Data Breach Investigation
According to a regulatory filing, Southern California University of Health Sciences reported a hacking-related security incident involving its network in March 2026. The filing indicates written notices were sent on May 18, 2026, and the information involved may have included names and Social Security numbers. If you received a notice, it is smart to review the letter carefully, enroll in any offered monitoring, and watch your credit and tax records. You can also fill out the form on this page to ask whether you may qualify for a claim.
Southern California University of Health Sciences is a California-based organization in the healthcare sector. The regulatory materials reviewed for this article indicate the organization is located in California, and people connected to it may be looking for clear information about a reported security incident and what steps to take now.
Key Facts at a Glance
- Entity: Southern California University of Health Sciences
- Reported incident type: External system breach (hacking), according to a Maine Attorney General filing
- Reported incident window: March 23, 2026 to March 24, 2026
- Date discovered: April 24, 2026
- Consumer notice date: May 18, 2026
- Public listing date: May 19, 2026
- Reported number of affected individuals: 2,206
- Information that may have been involved: Name and Social Security number
- Identity protection offered: 12 months of Kroll Identity Monitoring Services
What Happened?
According to a filing submitted to the Maine Attorney General, Southern California University of Health Sciences reported that an external system breach, described as hacking, occurred between March 23 and March 24, 2026. The same filing says the event was discovered on April 24, 2026, and that written notices were sent to affected individuals on May 18, 2026.
The public filing provides only limited detail about how the reported intrusion happened, what systems were accessed, or whether the information has been misused. The filing also lists a contact for the organization: Suzanne Williamson, Director of Compliance and Legal Affairs, at (562) 902-3359.
What Information Was Exposed?
Based on the regulatory reporting and structured breach data reviewed for this post, the information that may have been involved includes a person’s name and Social Security number. That combination can create a meaningful risk of identity theft because Social Security numbers may be used to open accounts, file fraudulent tax returns, or support other impersonation attempts.
The public materials reviewed here do not clearly identify broader categories of information, so this article does not assume that financial account details, medical records, or other data were involved. If you received a letter, the specific notice you received may provide more detail about your situation.
What Should You Do Next?
- Read any notice carefully. Check whether the letter identifies the information involved, explains the timing, and gives instructions for enrolling in monitoring services.
- Enroll in the offered identity monitoring. The Maine filing says 12 months of Kroll Identity Monitoring Services were offered. If you received a code or enrollment instructions, consider using them before any deadline expires.
- Review your credit files. Request your credit reports from the nationwide credit bureaus and look for accounts or inquiries you do not recognize. If you are concerned about misuse, consider placing a fraud alert or credit freeze.
- Watch for identity-theft warning signs. Monitor bank statements, insurance communications, tax filings, and mail for unexpected bills, notices, or account activity.
- Secure your accounts. If you reused passwords across services, change them and enable multi-factor authentication where available. While the reported data here centers on name and Social Security number, stronger account security is still a sensible precaution.
- Keep records and ask questions. Save the notice, document time spent addressing the issue, and keep receipts for any out-of-pocket costs. If you want to understand your options, you can fill out the form on this page to see whether you may qualify for a claim.
Your Legal Rights
If your personal information was involved in a reported data incident, you may have legal rights depending on the facts, the type of information at issue, and the state law that applies. In these matters, attorneys often examine whether reasonable safeguards were in place, whether notice was provided in a timely way, and whether affected people were offered meaningful help after the incident was discovered.
Potential harms in data incident matters can include out-of-pocket expenses, lost time, and the ongoing burden of monitoring for identity theft. A lawyer can help explain whether a class action investigation or another type of claim may be appropriate, but the answer depends on the specific facts of the incident and your circumstances.
Why Hire Strauss Borrelli PLLC?
Strauss Borrelli PLLC represents individuals in data breach and privacy matters and has experience investigating reported security incidents affecting consumers nationwide. The firm works to translate dense notices and regulatory filings into clear next steps, so affected people can better understand what may have happened and what options may be available.
If Southern California University of Health Sciences notified you about this reported incident, Strauss Borrelli PLLC can review the public information, help you understand the issues raised by the notice, and discuss whether you may have a potential claim. You can contact the firm using the form provided on this page to discuss your options.
If you received a breach notification letter from Southern California University of Health Sciences:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
