Care N' Care Insurance Company, a Texas-based Medicare Advantage provider, suffered a major data breach exposing sensitive personally identifiable information (PII) and protected health information (PHI) of at least 32,452 individuals. The compromised data included names, addresses, dates of birth, Social Security numbers, medical records, health insurance details, and other sensitive personal information. The breach was disclosed to the Texas Attorney General’s office on October 7, 2025, following a cybersecurity incident that jeopardized the privacy and security of affected individuals. Victims face risks of identity theft, financial fraud, and unauthorized access to medical records, with potential long-term consequences such as credit damage, targeted phishing, and misuse of health data. The company has offered credit monitoring and identity protection services, but the exposure of highly sensitive data—particularly SSNs and medical information—heightens the severity of the incident. Legal investigations are underway, with affected individuals encouraged to seek compensation for damages.
Source: https://www.claimdepot.com/investigations/care-n-care-data-breach-2025
TPRM report: https://www.rankiteo.com/company/care-n'-care-insurance-company
"id": "car1702717100825",
"linkid": "care-n'-care-insurance-company",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '32,452',
'industry': 'Healthcare (Medicare Advantage)',
'location': 'Texas, USA (13-county service area in '
'North Texas)',
'name': "Care N' Care Insurance Company",
'type': 'Health Insurance Provider'}],
'customer_advisories': 'Customers notified via letters and public advisories '
'about the breach, exposed data, and steps to mitigate '
'risks (e.g., credit monitoring, fraud alerts).',
'data_breach': {'data_exfiltration': 'Likely (data exposed includes sensitive '
'PII/PHI)',
'number_of_records_exposed': '32,452',
'personally_identifiable_information': ['Name',
'Address',
'Date of birth',
'Social Security '
'number',
'Health insurance '
'information'],
'sensitivity_of_data': 'High (includes SSNs, medical records, '
'and health insurance details)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2025-10-07',
'description': "Care N' Care Insurance Company, a Texas-based Medicare "
'Advantage health plan provider, reported a major data breach '
'compromising both personal and protected health information '
'of at least 32,452 individuals in Texas. The breach exposed '
'sensitive personally identifiable information (PII) and '
'protected health information (PHI), including names, '
'addresses, dates of birth, Social Security numbers, medical '
'information, health insurance details, and other sensitive '
'personal data.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive PII/PHI and '
'ongoing legal investigations',
'data_compromised': ['Name',
'Address',
'Date of birth',
'Social Security number',
'Medical information',
'Health insurance information',
'Other sensitive personal data'],
'identity_theft_risk': 'High (due to exposure of SSNs, medical, '
'and financial data)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'from affected individuals'},
'investigation_status': 'Ongoing (legal investigations by Shamis & Gentile '
'P.A.)',
'recommendations': ['Enroll in free credit monitoring and identity protection '
'services if offered.',
'Monitor financial statements regularly for suspicious '
'activity.',
'Place a fraud alert on credit reports.',
'Request free annual credit reports from major credit '
'bureaus.',
'Seek legal help to understand rights and pursue '
'compensation.'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'date_accessed': '2025-10-07',
'source': "Texas Attorney General's Office Disclosure"}],
'regulatory_compliance': {'legal_actions': 'Ongoing investigations by Shamis '
'& Gentile P.A. for potential '
'lawsuits and compensation claims',
'regulatory_notifications': 'Disclosed to the Texas '
"Attorney General's "
'office on Oct. 7, '
'2025'},
'response': {'communication_strategy': 'Disclosed breach to the Texas '
"Attorney General's office and "
'notified affected individuals via '
'letters. Public advisory through '
'Shamis & Gentile P.A. for legal '
'recourse.',
'recovery_measures': 'Offered free credit monitoring and '
'identity protection services to affected '
'individuals'},
'stakeholder_advisories': 'Affected individuals advised to review '
'notification letters, enroll in credit monitoring, '
'and seek legal counsel.',
'title': "Care N' Care Health Plan Data Breach",
'type': 'Data Breach'}