Nova Recovery Center Data Breach Lawsuit Investigation

Were you treated at Nova Recovery Center and just received a breach notice? A May 2025 cyber-attack exposed highly sensitive medical and financial details of thousands of patients. Act quickly to protect your identity and explore possible compensation.

What Happened?

On May 25, 2025, Nova Recovery Center—an Austin, Texas drug- and alcohol-rehabilitation provider—detected unauthorized access to its computer network. A threat actor known online as “nightly” later claimed to have stolen more than 200 GB of confidential data and 1 TB of CCTV footage. Internal investigation findings released June 17, 2025 confirmed the intrusion compromised both personally identifiable information (PII) and protected health information (PHI).

Regulators were notified in early August 2025, with public disclosures filed to the Texas and Maine Attorneys General. The center began mailing letters to 5,521 affected patients—5,518 in Texas and three in Maine—on August 1, 2025.

What Information Was Exposed?

The stolen files may include some or all of the following:

• Full name
• Social Security number
• Date of birth
• Home address
• Government-issued ID or driver’s license number
• Medical and health-insurance records
• Financial data: bank account, credit/debit card, or payment details

Nova Recovery Center’s Response

To help patients safeguard their credit, Nova Recovery Center is offering complimentary 12-month Kroll identity-monitoring services. A dedicated assistance line is available at 866-559-3487 (Monday–Friday, 8 a.m.–5:30 p.m. CT).

Protect Yourself Now

• Enroll in the free Kroll service as soon as possible.
• Monitor financial statements and insurance claims for unfamiliar transactions.
• Activate a fraud alert or security freeze with the three major credit bureaus.
• Beware of phishing emails, calls, or texts referencing the breach.

Can You File a Lawsuit?

Patients whose data was compromised may be entitled to seek damages for:

• Reimbursement of out-of-pocket expenses (credit-monitoring, professional fees, etc.).
• Compensation for time spent mitigating fraud or identity theft.
• Payment for anxiety, emotional distress, or loss of privacy.

Courts have increasingly recognized that exposure of Social Security numbers and medical records creates a substantial risk of future fraud—often enough to justify monetary relief. Consult an experienced data-breach attorney to evaluate your specific situation.

Timeline of Key Events

• May 25 2025 – Unauthorized access discovered.
• May 25 2025 – Threat actor “nightly” claims 200 GB data theft.
• June 17 2025 – Forensic investigation confirms scope of breach.
• July 9 2025 – Individuals tied to compromised data identified.
• August 1 2025 – Notification letters begin mailing.
• August 5 2025 – Texas & Maine AGs receive disclosure filings.

Frequently Asked Questions

Was my Social Security number exposed in the Nova Recovery Center breach?

Yes. Nova Recovery Center’s filings list Social Security numbers among the compromised data elements.

How do I enroll in the free credit monitoring offered by Nova Recovery Center?

Your notification letter contains an activation code and instructions for signing up with Kroll online or by phone.

Do I need to pay a lawyer to pursue a Nova Recovery Center data breach claim?

Many data-breach firms take these cases on a contingency-fee basis, meaning you pay nothing unless they obtain a recovery for you.

Can medical identity theft occur because of this breach at Nova Recovery Center?

Yes. Stolen medical and insurance details can be used to submit fraudulent claims, obtain prescriptions, or access treatment under your name.

How long will Nova Recovery Center keep providing assistance?

The complimentary Kroll services last 12 months, but you may choose to continue monitoring at your own expense afterward.

This article will be updated as more details become available.