Southern California University of Health Sciences disclosed a data breach after hackers gained unauthorized access to files stored on its network in March 2026. The breach exposed sensitive personal information, including Social Security numbers, affecting individuals connected to the university.
Southern California University of Health Sciences’s Data Breach Investigation
Southern California University of Health Sciences (“SCUHS”) announced a cybersecurity incident involving unauthorized access to files stored within its computer network. According to the university’s disclosure, SCUHS became aware of suspicious activity on March 24, 2026, prompting an immediate response with assistance from outside cybersecurity specialists.
The university stated that cybersecurity experts were engaged to help secure the network environment and determine the nature and scope of the unauthorized activity. The investigation ultimately determined that an unauthorized actor viewed and copied certain files stored within the SCUHS network between March 23 and March 24, 2026.
Following the discovery, SCUHS conducted a comprehensive review of the impacted files to determine what information had been involved and identify the individuals potentially affected by the breach. According to the university, the review determined that the compromised information included names and Social Security numbers.
Although the university stated that it had no evidence of identity theft or fraud connected to the incident at the time notifications were issued, breaches involving Social Security numbers can create serious risks for affected individuals. Cybercriminals may use exposed personal information to commit identity theft, tax fraud, open fraudulent accounts, or conduct phishing schemes targeting victims.
SCUHS reported that it moved quickly to investigate the incident, restore functionality to affected systems, and identify impacted individuals. The university also stated that it implemented additional safeguards and employee training measures as part of its ongoing efforts to improve data security protections.
On or about May 18, 2026, SCUHS began notifying affected individuals about the incident, including two Maine residents identified as part of the breach. The university additionally reported that it notified other state regulators and the three major credit reporting agencies — Equifax, Experian, and TransUnion — regarding the incident.
As part of its response efforts, SCUHS is offering impacted individuals 12 months of complimentary credit monitoring and identity protection services through Kroll. The services include single-bureau credit monitoring, fraud consultation, and identity theft restoration assistance.
The university also provided affected individuals with guidance regarding fraud alerts, credit freezes, free credit reports, and identity theft prevention strategies. Consumers were encouraged to monitor account statements and credit reports closely for suspicious activity and to report any suspected identity theft or fraud to law enforcement and relevant government agencies.
Cybersecurity incidents involving educational institutions and healthcare-related organizations are particularly concerning because these entities often maintain large amounts of sensitive personal information. Universities and health sciences institutions may store student records, employment data, Social Security numbers, financial records, and other confidential information that can become valuable targets for cybercriminals.
Companies and institutions entrusted with sensitive personal information may have legal obligations to implement reasonable cybersecurity safeguards to protect that data from unauthorized access. When those protections allegedly fail, affected individuals may experience long-term risks related to fraud, identity theft, and privacy concerns. In some cases, impacted consumers may explore legal options through class action litigation seeking compensation for damages associated with a data breach.
When Did This Breach Occur?
Southern California University of Health Sciences reported that the unauthorized access occurred between March 23, 2026, and March 24, 2026. The university stated it became aware of the suspicious activity on March 24, 2026, and launched an investigation shortly afterward.
Affected individuals began receiving written notification letters on or about May 18, 2026.
What Information Was Breached?
According to Southern California University of Health Sciences, the following information was involved in the breach:
- Names
- Social Security numbers
What You Can Do
Individuals affected by the Southern California University of Health Sciences data breach may want to take immediate steps to protect themselves against identity theft and fraud. Monitoring bank accounts, reviewing credit reports, and watching closely for suspicious activity may help detect misuse of personal information early.
Affected consumers may also consider placing fraud alerts or credit freezes with Equifax, Experian, and TransUnion. A credit freeze can help prevent unauthorized credit accounts from being opened using stolen personal information.
SCUHS is offering complimentary credit monitoring and identity protection services through Kroll for 12 months. Individuals who received a notification letter should carefully review the enrollment instructions and activate the offered protections before the enrollment deadline expires.
Consumers impacted by data breaches often do not realize they may have legal rights available to them. Learning more about your rights and potential legal remedies may help you make informed decisions after a cybersecurity incident involving sensitive personal information.
File a Data Breach Lawsuit Against Southern California University of Health Sciences
If you received a data breach notification letter from Southern California University of Health Sciences, you may be eligible to pursue compensation through a class action lawsuit. Data breach litigation may seek compensation for damages associated with identity theft risks, fraudulent activity, out-of-pocket expenses, lost time, and loss of privacy.
Organizations that store sensitive personal information may have a legal responsibility to maintain reasonable cybersecurity protections designed to prevent unauthorized access to consumer data. When those protections allegedly fail, affected individuals may have legal rights to seek accountability and financial recovery.
Many consumers are unaware they may qualify to participate in litigation following a data breach involving Social Security numbers and other sensitive information. Understanding your legal rights can be an important step toward protecting yourself after a cybersecurity incident.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
