Active breach tracker WI Disclosed July 3, 2025

City of Franklin Data Breach 2025: 3,233 Affected · Hacking/IT Incident · WI. Filed With HHS OCR. What To Do.

City of Franklin (WI) filed a HIPAA breach notification with the HHS Office for Civil Rights on July 03, 2025, reporting 3,233 affected individuals after an unauthorized actor accessed a city network server in August 2024 containing records dating back decades. Notification letters mailed in July 2025; identity-protection services offered via Cyberscout/TransUnion.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Aug 15, 2024

Unauthorized third party accessed a City of Franklin network server containing records reportedly dating back to the 1960s.

Aug 15, 2024

City of Franklin became aware of the data security incident and engaged independent forensic investigators; FBI notified.

May 19, 2025

Forensic investigation concluded, identifying the specific personal information involved.

Jul 3, 2025

HIPAA breach notification filed with HHS Office for Civil Rights (3,233 individuals; Hacking/IT Incident at Network Server).

Jul 14, 2025

City of Franklin published its public FAQ and began mailing individual notification letters with Cyberscout/TransUnion identity-protection enrollment.

Data exposed

01

High-risk identity

Enables financial + identity theft

Date of birth Social Security number

03

Contact & insurance

Phishing + targeted scams

Name Taxpayer identification number Other personal information held on a city network server
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

The City of Franklin, Wisconsin filed a HIPAA breach notification with the U.S. Department of Health and Human Services Office for Civil Rights on July 03, 2025, reporting 3,233 affected individuals in a Hacking/IT Incident event at a Network Server. The OCR portal entry classifies the city as a Healthcare Provider, consistent with the City of Franklin Health Department’s role as a HIPAA-covered entity.

The underlying incident was a network intrusion that the city says it first detected on or about August 15, 2024, when an unauthorized third party accessed a server holding records reportedly dating back several decades. Forensic investigators worked for roughly nine months to identify exactly whose information was involved before the city filed its OCR notification and began mailing individual letters in July 2025.

Timeline

  • August 15, 2024 — An unauthorized third party accessed a City of Franklin network server. The city detected the intrusion the same day, secured its network environment, and engaged independent IT and forensic investigators. The FBI was notified and opened an investigation.
  • August 2024 through May 2025 — Forensic review of the affected server, including data-mining of records the city says go back to the 1960s, to determine what categories of personal information were involved and which individuals were affected.
  • May 19, 2025 — Forensic investigation concluded. The city then began preparing notification letters, running a National Change of Address search on the resulting list, and contracting a mail vendor.
  • July 03, 2025 — HIPAA breach notification filed with HHS Office for Civil Rights for 3,233 individuals (Hacking/IT Incident at Network Server).
  • July 14, 2025 — City of Franklin published its public FAQ on the incident and began mailing individual notification letters offering complimentary identity-protection services through Cyberscout (a TransUnion company).

The eleven-month gap between detection and notification is on the long end of what HIPAA’s 60-day clock contemplates. The city’s position is that the clock runs from the date the breach is discovered, which it dates to the conclusion of the forensic review on May 19, 2025, rather than the August 15, 2024 access date.

What was exposed

According to the City of Franklin’s public FAQ and notification letters, the categories of personal information that may have been accessed include:

  • Name
  • Date of birth
  • Social Security number
  • Taxpayer identification number
  • Other personal information held on the affected city server

The HHS OCR portal classifies the breach location as Network Server. The city has stated that as of its public disclosure, there was no evidence that any of the involved information had been misused.

What the City of Franklin is offering

Affected individuals were offered complimentary identity-protection services through Cyberscout, a TransUnion company. The city’s notification letters include an enrollment code and a toll-free number for questions about the incident and enrollment.

The city has also said it implemented additional safeguards and enhanced security measures following the incident, working with outside IT specialists.

Class-action posture

As of this writing, no consolidated class action specific to the City of Franklin incident has been publicly confirmed filed. Several plaintiffs’ firms that monitor municipal and HIPAA-covered-entity breaches have noted the incident, but no docket has been verified. The FBI’s investigation into the responsible party remains open and no attribution has been made public.

What to do if you may be affected

  • Activate the offered identity-protection coverage. If you received a notification letter from the City of Franklin, enroll with Cyberscout using the code on the letter. It is paid for and adds nothing to your risk profile.
  • Freeze your credit with Equifax, Experian, and TransUnion. It is free, takes about ten minutes per bureau, and is the single highest-leverage step against identity theft. A credit freeze and identity monitoring are complementary, not redundant.
  • File your tax return early. Because taxpayer identification numbers were among the data categories, filing before a bad actor can submit a fraudulent return is a meaningful protection. Consider requesting an IRS Identity Protection PIN.
  • Watch for targeted phishing. Because the attacker may have accurate name, date-of-birth, and SSN information, follow-on phishing or impostor calls may reference real details. Do not click links or call numbers from any message claiming to be from the City of Franklin. Go to franklinwi.gov directly or use the toll-free number on your notification letter.
  • Keep the notification letter. It establishes your standing if a class action is later filed and certified.

Sources on this page

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.