Absolute Dental Group Data Breach 2025: 1,223,635 Patients Exposed in Feb-Mar Network Intrusion · $3.3M Settlement Pending
Absolute Dental Group, the Nevada DSO with 50+ locations, confirmed an unauthorized actor accessed its network between February 19 and March 5, 2025. Names, Social Security numbers, driver's license data, treatment records, and insurance information for 1,223,635 individuals were exposed. A $3.3M class-action settlement received preliminary approval on March 10, 2026.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Feb 19, 2025
Unauthorized access to Absolute Dental network begins
Feb 26, 2025
Suspicious activity identified in information systems; third-party forensics engaged
Mar 5, 2025
Unauthorized access window closes
May 2, 2025
Initial filing with HHS Office for Civil Rights using placeholder count of 501
Jul 28, 2025
File review completed; full scope of affected individuals determined
Sep 3, 2025
Public disclosure and start of individual notification mailings
Mar 10, 2026
Court grants preliminary approval of $3.3M class-action settlement (Jordan v. Absolute Dental Group)
Jun 9, 2026
Deadline to object to or exclude from settlement
Jun 18, 2026
Settlement claim submission deadline
Jul 30, 2026
Final approval hearing scheduled
Feb 19, 2025
Unauthorized access to Absolute Dental network begins
Feb 26, 2025
Suspicious activity identified in information systems; third-party forensics engaged
Mar 5, 2025
Unauthorized access window closes
May 2, 2025
Initial filing with HHS Office for Civil Rights using placeholder count of 501
Jul 28, 2025
File review completed; full scope of affected individuals determined
Sep 3, 2025
Public disclosure and start of individual notification mailings
Mar 10, 2026
Court grants preliminary approval of $3.3M class-action settlement (Jordan v. Absolute Dental Group)
Jun 9, 2026
Deadline to object to or exclude from settlement
Jun 18, 2026
Settlement claim submission deadline
Jul 30, 2026
Final approval hearing scheduled
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Absolute Dental Group, the dental service organization that operates more than 50 clinics across Nevada (Las Vegas, Reno, Carson City, Sparks, and Minden) and additional locations in California and Texas, confirmed that an unauthorized actor had access to its network from February 19 through March 5, 2025. The intrusion was identified on February 26, 2025, and a months-long forensic file review concluded on July 28, 2025 that 1,223,635 patients had personal, identity, financial, and health information exposed. Individual notification mailings began in August 2025, and a $3.3 million class-action settlement in the U.S. District Court for the District of Nevada received preliminary approval on March 10, 2026.
According to the breach notice submitted to state attorneys general, the incident originated from “the inadvertent execution of a malicious version of a legitimate software tool” through an account associated with Judge Consulting, Inc., Absolute Dental’s third-party managed services provider (MSP). Security analysts have characterized this as a supply-chain attack: attackers exploited the trusted privileged access of the MSP rather than breaching Absolute Dental’s own network perimeter directly. No ransomware group has publicly claimed responsibility, and no leak-site posting of Absolute Dental data has been independently reported in the sources reviewed.
Absolute Dental’s initial HIPAA report to the HHS Office for Civil Rights on May 2, 2025 used a placeholder figure of 501 affected individuals. The corrected total of 1,223,635 was reported to multiple state attorneys general beginning August 26, 2025, and confirmed in individual notification letters. As of this writing, the federal OCR portal entry still reflects the placeholder count rather than the 1.2 million figure.
Timeline
- February 19, 2025 — Unauthorized access to Absolute Dental’s network begins.
- February 26, 2025 — Suspicious activity is identified in the dental group’s information systems. Third-party digital forensics experts are engaged.
- March 5, 2025 — Unauthorized access window ends; containment is achieved.
- May 2, 2025 — Initial HIPAA breach notification filed with HHS OCR using a 501-individual placeholder count.
- July 28, 2025 — Document and file review concludes, establishing the final count of 1,223,635 affected individuals.
- September 3, 2025 — Public disclosure issued; individual notification mailings begin; substitute notice posted.
- 2025 — Multiple proposed class actions consolidated as Jordan et al. v. Absolute Dental Group, LLC, Case No. 2:25-cv-00986 (D. Nev.).
- March 10, 2026 — Court grants preliminary approval of the $3.3M settlement.
- June 9, 2026 — Deadline for class members to object or opt out.
- June 18, 2026 — Deadline to submit a claim.
- July 30, 2026 — Final approval hearing scheduled.
What was exposed
The data elements confirmed exposed vary by individual but include:
- Name, contact information, and date of birth
- Social Security number
- Driver’s license or state-issued ID number
- Passport or other government ID information
- Health history, diagnosis, and treatment information
- Explanation of benefits and health insurance information
- Medical record numbers and patient ID numbers
- Financial account and payment card information (a subset of affected individuals)
The breach notice text confirms the intrusion vector: a malicious version of a legitimate software tool executed through Judge Consulting’s MSP account. No ransomware group has publicly claimed responsibility, and no leak-site posting of Absolute Dental data has been independently reported in the sources reviewed.
What the entity is offering
Absolute Dental is offering two years of complimentary identity monitoring through Kroll to notified individuals. Your notification letter includes a membership number and enrollment instructions; activate at info.krollmonitoring.com. A dedicated call center is available at (866) 559-3472, Monday through Friday, 8:00 a.m. to 5:30 p.m. CT, excluding major U.S. holidays.
The proposed $3.3M class-action settlement provides:
- Up to $5,000 per person for documented out-of-pocket losses traceable to the incident
- A pro rata cash payment from the remaining settlement fund for class members who do not document losses
- Doubled cash-fund payments for California residents at the time of the breach
- Settlement-administered identity protection services
Claims may be submitted online at the official settlement site or by mail to the settlement administrator by June 18, 2026.
Class-action and regulatory posture
The consolidated class action is captioned Jordan et al. v. Absolute Dental Group, LLC, et al., Case No. 2:25-cv-00986-JAD-DJA, in the U.S. District Court for the District of Nevada before Judge Jennifer A. Dorsey. Plaintiffs’ counsel of record include Ahdoot & Wolfson, P.C.; Stranch, Jennings & Garvey PLLC; Federman & Sherwood; Cafferty Clobes Meriwether & Sprengel LLP; and Winston & Strawn LLP. Multiple other firms, including Barnow and Associates and Morgan & Morgan, publicly opened investigations.
The settlement covers only the claims against Absolute Dental Group. Judge Consulting, Inc. is not part of the settlement and had a pending motion to dismiss as of the preliminary-approval date. The preliminary-approval order was entered on March 10, 2026. As part of the settlement, Absolute Dental agreed to implement enhanced cybersecurity measures. A final fairness hearing is set for July 30, 2026, at 10:00 a.m. at the Lloyd D. George Federal Courthouse, 333 Las Vegas Blvd. South, Las Vegas, NV. The HHS OCR portal entry remains open pending update to the corrected affected-count figure.
Absolute Dental filed state AG notifications beginning August 26, 2025 with attorneys general in California, Iowa, Maine, Massachusetts, Montana, Nebraska, New Hampshire, Oregon, Rhode Island, South Carolina, Texas, Vermont, and Washington. State-specific resident counts documented in the disclosures include approximately 1,892 Texas residents, 1,001 Washington residents, 170 Montana residents, 137 Massachusetts residents, and 46 New Hampshire residents.
What to do if you may be affected
- File a claim by June 18, 2026. If you received a notification letter from Absolute Dental Group, you are presumptively a class member. Use the official settlement site (absolutedatasettlement.com) and the unique ID and PIN from your settlement notice. Do not pay any third party to file on your behalf.
- Freeze your credit at Equifax, Experian, and TransUnion. Because Social Security numbers and government-ID data were exposed, a security freeze is materially more protective than monitoring alone. It is free and reversible.
- Activate your Kroll identity monitoring. Your notification letter includes a membership number. Enroll at info.krollmonitoring.com or call (866) 559-3472 (Mon–Fri, 8 a.m.–5:30 p.m. CT). Even with a credit freeze in place, the two-year monitoring service provides fraud consultation and identity restoration assistance worth using.
- Watch for medical identity theft. Because diagnosis and insurance information was exposed, review every Explanation of Benefits (EOB) document you receive and request a copy of your benefits history from your insurer if you see services you did not receive.
- Be alert to targeted phishing. An actor with your name, address, date of birth, and dental-treatment history can craft highly convincing lures. Treat unexpected calls or emails referencing your Absolute Dental visits with skepticism and verify through official channels before acting.
- Stop the ongoing flow of your dental and health data. HealthConsent files HIPAA restriction requests so that the treatment records, diagnosis history, and insurance information exposed in this breach are not continuously re-shared across dental networks, insurance clearinghouses, and health information exchanges. File a restriction request through HealthConsent.
Continue reading
Sources
- HHS Office for Civil Rights Breach Portal — federal regulatory record (filing dated 2025-05-02).
- HIPAA Journal — Absolute Dental Confirmed Data Breach Affecting Over 1.2 Million Individuals — incident timeline, exposed data, credit-monitoring offer.
- HIPAA Journal — Absolute Dental Settles Class Action Data Breach Lawsuit for $3.3M — settlement amount, court, deadlines.
- ClassAction.org — $3.3M Absolute Dental Group Settlement — case caption, case number, preliminary approval date.
- MyNews4 (Sinclair Reno) — Nevada dental practice data breach exposes 1.2 million individuals’ information — local press confirmation of scope and dates.
- Fox5 Vegas — Nevada-based Absolute Dental reports data leak — Las Vegas local press coverage of the September 3, 2025 disclosure.
- Bloomberg Law — Absolute Dental Group Hit With Class Action Over Data Breach — class-action filing record.
- Absolute Dental Settlement Administrator — official settlement notice, claim portal, FAQ.
- PR Newswire — Official Class Notice — court-approved notice text.
- Barnow and Associates — Absolute Dental Data Breach Investigation — plaintiff-side investigation summary.
- Paubox — Absolute Dental agrees to $3.3 million lawsuit settlement — Judge Consulting’s MSP role, supply-chain attack analysis.
- Montana AG — Absolute Dental consumer notification letter — official notice text confirming Kroll monitoring, call center number, enrollment deadline language.
- HIPAA Times — Absolute Dental breach exposes data of over 1.2 million patients — MSP access vector and NH AG filing analysis.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- HIPAA Journal — Absolute Dental Confirmed Data Breach Affecting Over 1.2 Million Individuals
- HIPAA Journal — Absolute Dental Settles Class Action Data Breach Lawsuit for $3.3M
- ClassAction.org — $3.3M Absolute Dental Group Settlement Ends Class Action Lawsuit Over 2025 Data Breach
- MyNews4 (Reno) — Nevada dental practice data breach exposes 1.2 million individuals' information
- Fox5 Vegas — Nevada-based Absolute Dental reports data leak
- Bloomberg Law — Absolute Dental Group Hit With Class Action Over Data Breach
- Absolute Dental Settlement Administrator (official notice site)
- PR Newswire — Official class notice from settlement administrator
- Barnow and Associates — Absolute Dental Data Breach Investigation
- Paubox — Absolute Dental agrees to $3.3 million lawsuit settlement (Judge Consulting MSP role and supply-chain analysis)
- Montana AG — Absolute Dental consumer notification letter (Kroll monitoring details, hotline number)
- HIPAA Times — Absolute Dental breach exposes data of over 1.2 million patients
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.