Pierluigi Paganini March 19, 2025

California Cryobank, the largest US sperm bank, suffered a data breach exposing customer information.

California Cryobank (CCB) is the largest sperm bank in the U.S., providing frozen donor sperm and reproductive services, including egg and embryo storage. It operates in all 50 states and over 30 countries worldwide, helping individuals and couples with fertility treatments.

The company disclosed a data breach that exposed customers’ personal information. The company did not dislose technical details about the attack.

CCB discovered unauthorized activity on its IT systems on April 21, 2024, and promptly isolated the affected systems. An investigation revealed that an unauthorized party accessed or acquired files between April 20 and April 22, 2024. As a precaution, the company conducted a thorough review of potentially compromised files.

“Upon identifying the activity on April 21, 2024, CCB isolated the computers from our IT network and launched an investigation. Through our investigation, CCB determined that an unauthorized party gained access to our IT environment and may have accessed and/or acquired files maintained on certain computer systemsbetween April 20, 2024 and April 22, 2024.” reads the data breach notification letter shared with Maine Attorney General.”Out of an abundance of caution, CCB undertook a comprehensive search and review of the files that may have been accessed and/or acquired as a result of the incident.”

The company did not disclose the total number of affected individuals.

Threat actors potentially accessed and/or acquired some of customers’ information, including names, Social Security numbers, driver’s license numbers, financial account numbers and health insurance information. At this time, it is unclear if the exposed information includes any donor data.

On March 14, 2025, the company started sending mail notification letters to affected individuals. Those impacted will receive a free one-year credit monitoring service through CyberScout. CCB has also set up a toll-free call center for inquiries and is implementing enhanced security measures to prevent future incidents.

“As a precaution, we are offering you a complimentary twelve (12) months membership to identity protection services through TransUnion. The services include access to Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score services at no charge. These services provide you with alerts for twelve months from the date of enrollment when changes occur to any of your Experian, Equifax or TransUnion credit files.” concludes the notification letter. “In addition, we are providing you with proactive fraud assistance to help with any questions that you might have or in the event that you become a victim of fraud”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, California Cryobank)