California Cryobank, LLC, the largest sperm bank in the country, faces a lawsuit in the U.S. District Court for the Central District of California over an April 2024 data breach. Cryobank provides frozen donor sperm and specialized reproductive health care services, including egg and embryo storage.

Cryobank notified the affected individuals this month that it detected suspicious activity on its network and determined that an unauthorized party gained access to its IT environment and may have accessed files containing personal information.

While sperm is commonly donated anonymously, the information is associated with a donor-assigned ID number. That ID number can then be used by offspring at 18 if they want to learn more about their biological father. Nevertheless, the security incident affected information including, patient names, Social Security numbers, driver’s license numbers, financial account numbers, and health insurance information. The complaint alleges that Cryobank failed to sufficiently protect and secure its patients’ personal and health information. The plaintiff is seeking class certification to include others affected by the data breach.

The complaint states that the individual notifications did not include “the identity of the cybercriminals who perpetrated this Data Breach, the details of the root cause of the Data Breach, the vulnerabilities exploited, and the remedial measures undertaken to ensure such a breach does not occur again.”

The lawsuit asserts claims of negligence, breach of implied contract, and unjust enrichment, as well as violations of the California Unfair Competition Law and Confidentiality of Medical Information Act.