California Cryobank Confirms Data Breach Exposing Sensitive Customer Information
California Cryobank LLC, one of the largest sperm donor repositories in the U.S., has confirmed a major data breach that compromised sensitive customer records. The cyberattack occurred on April 20, 2024, but remained undetected for nearly six months before being discovered on October 4, 2024. Affected individuals received formal breach notifications on March 14, 2025.
According to official breach notification documents, threat actors exploited a zero-day vulnerability in California Cryobank’s client management system to gain unauthorized access to customer databases containing personally identifiable information (PII). The attackers-maintained access for approximately 12 hours before security systems shut them out.
A forensic investigation later revealed that attackers used an SQL injection technique to bypass security measures, allowing them to steal customer records while compromising logging systems to avoid detection.
While California Cryobank has not disclosed the total number of affected individuals, state filings indicate at least 28 Maine residents were impacted. Security experts estimate the true number could reach into the thousands, given the company’s large client base across North America.
The Office of the Maine Attorney General reported that exposed information includes customers’ names, along with other sensitive identifiers. Given California Cryobank’s role in reproductive services, the breach raises concerns about the potential exposure of highly sensitive genetic and medical data.
California Cryobank has enlisted Baker & Hostetler LLP to oversee legal compliance with data breach notification laws, with partner Sara Goldstein leading the regulatory response.
In response to the breach, the company has implemented new security measures, including:
- Enhanced encryption protocols for sensitive customer data.
- Multi-factor authentication (MFA) for all database access points.
A company spokesperson emphasized that they take this security incident extremely seriously due to the sensitive nature of client information.
California Cryobank is providing affected individuals with one year of complimentary credit monitoring and identity theft protection through CyberScout. Customers are urged to:
- Enroll in the provided protection services immediately.
- Monitor financial accounts for suspicious activity.
- Place fraud alerts with major credit bureaus.
- Be cautious of unusual communications claiming to be from California Cryobank.
California Cryobank has established a dedicated call center to address customer concerns and assist with security measures. They are also working with law enforcement to determine the full scope of the breach.
Industry analysts warn that healthcare and reproductive technology organizations are becoming prime targets for cybercriminals, given the high value of genetic and medical data. This breach underscores the growing cybersecurity challenges faced by companies handling sensitive personal information.
