City of Franklin Data Breach 2025: 3,233 Affected · Hacking/IT Incident · WI. Filed With HHS OCR. What To Do.
City of Franklin (WI) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 03, 2025, reporting 3,233 affected individuals after an unauthorized actor accessed a city network server in August 2024 containing records dating back decades. Notification letters mailed in July 2025; identity-protection services offered via Cyberscout/TransUnion.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Aug 15, 2024
Unauthorized third party accessed a City of Franklin network server containing records reportedly dating back to the 1960s.
Aug 15, 2024
City of Franklin became aware of the data security incident and engaged independent forensic investigators; FBI notified.
May 19, 2025
Forensic investigation concluded, identifying the specific personal information involved.
Jul 3, 2025
HIPAA breach notification filed with HHS Office for Civil Rights (3,233 individuals; Hacking/IT Incident at Network Server).
Jul 14, 2025
City of Franklin published its public FAQ and began mailing individual notification letters with Cyberscout/TransUnion identity-protection enrollment.
Aug 15, 2024
Unauthorized third party accessed a City of Franklin network server containing records reportedly dating back to the 1960s.
Aug 15, 2024
City of Franklin became aware of the data security incident and engaged independent forensic investigators; FBI notified.
May 19, 2025
Forensic investigation concluded, identifying the specific personal information involved.
Jul 3, 2025
HIPAA breach notification filed with HHS Office for Civil Rights (3,233 individuals; Hacking/IT Incident at Network Server).
Jul 14, 2025
City of Franklin published its public FAQ and began mailing individual notification letters with Cyberscout/TransUnion identity-protection enrollment.
Data exposed
01
High-risk identity
Enables financial + identity theft
03
Contact & insurance
Phishing + targeted scams
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
The City of Franklin, Wisconsin filed a HIPAA breach notification with the U.S. Department of Health and Human Services Office for Civil Rights on July 03, 2025, reporting 3,233 affected individuals in a Hacking/IT Incident event at a Network Server. The OCR portal entry classifies the city as a Healthcare Provider, consistent with the City of Franklin Health Department’s role as a HIPAA-covered entity.
The underlying incident was a network intrusion that the city says it first detected on or about August 15, 2024, when an unauthorized third party accessed a server holding records reportedly dating back several decades. Forensic investigators worked for roughly nine months to identify exactly whose information was involved before the city filed its OCR notification and began mailing individual letters in July 2025.
Timeline
- August 15, 2024 — An unauthorized third party accessed a City of Franklin network server. The city detected the intrusion the same day, secured its network environment, and engaged independent IT and forensic investigators. The FBI was notified and opened an investigation.
- August 2024 through May 2025 — Forensic review of the affected server, including data-mining of records the city says go back to the 1960s, to determine what categories of personal information were involved and which individuals were affected.
- May 19, 2025 — Forensic investigation concluded. The city then began preparing notification letters, running a National Change of Address search on the resulting list, and contracting a mail vendor.
- July 03, 2025 — HIPAA breach notification filed with HHS Office for Civil Rights for 3,233 individuals (Hacking/IT Incident at Network Server).
- July 14, 2025 — City of Franklin published its public FAQ on the incident and began mailing individual notification letters offering complimentary identity-protection services through Cyberscout (a TransUnion company).
The eleven-month gap between detection and notification is on the long end of what HIPAA’s 60-day clock contemplates. The city’s position is that the clock runs from the date the breach is discovered, which it dates to the conclusion of the forensic review on May 19, 2025, rather than the August 15, 2024 access date.
What was exposed
According to the City of Franklin’s public FAQ and notification letters, the categories of personal information that may have been accessed include:
- Name
- Date of birth
- Social Security number
- Taxpayer identification number
- Other personal information held on the affected city server
The HHS OCR portal classifies the breach location as Network Server. The city has stated that as of its public disclosure, there was no evidence that any of the involved information had been misused.
What the City of Franklin is offering
Affected individuals were offered complimentary identity-protection services through Cyberscout, a TransUnion company. The city’s notification letters include an enrollment code and a toll-free number for questions about the incident and enrollment.
The city has also said it implemented additional safeguards and enhanced security measures following the incident, working with outside IT specialists.
Class-action posture
As of this writing, no consolidated class action specific to the City of Franklin incident has been publicly confirmed filed. Several plaintiffs’ firms that monitor municipal and HIPAA-covered-entity breaches have noted the incident, but no docket has been verified. The FBI’s investigation into the responsible party remains open and no attribution has been made public.
What to do if you may be affected
- Activate the offered identity-protection coverage. If you received a notification letter from the City of Franklin, enroll with Cyberscout using the code on the letter. It is paid for and adds nothing to your risk profile.
- Freeze your credit with Equifax, Experian, and TransUnion. It is free, takes about ten minutes per bureau, and is the single highest-leverage step against identity theft. A credit freeze and identity monitoring are complementary, not redundant.
- File your tax return early. Because taxpayer identification numbers were among the data categories, filing before a bad actor can submit a fraudulent return is a meaningful protection. Consider requesting an IRS Identity Protection PIN.
- Watch for targeted phishing. Because the attacker may have accurate name, date-of-birth, and SSN information, follow-on phishing or impostor calls may reference real details. Do not click links or call numbers from any message claiming to be from the City of Franklin. Go to franklinwi.gov directly or use the toll-free number on your notification letter.
- Keep the notification letter. It establishes your standing if a class action is later filed and certified.
Sources on this page
- HHS Office for Civil Rights Breach Portal — the federal regulatory record of this breach.
- City of Franklin official FAQ on the data security incident (July 14, 2025) — the entity’s primary public statement, hosted on franklinwi.gov.
- CBS 58 News coverage of the City of Franklin breach — local broadcast reporting on the notification, including data categories and FBI involvement.
- Milwaukee Journal Sentinel summary via Worldnews — newspaper coverage of the city’s July 16, 2025 disclosure.
- Wisconsin DATCP consumer data-breach repository — Wisconsin Department of Agriculture, Trade and Consumer Protection breach-notice index.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- City of Franklin official FAQ on the data security incident (July 14, 2025)
- CBS 58 News coverage of the City of Franklin breach
- Milwaukee Journal Sentinel summary via Worldnews
- Wisconsin DATCP consumer data-breach repository
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.