vUS Sperm Donor Giant California Cryobank Hacked

California Cryobank LLC, one of America’s largest sperm donor repositories, has confirmed a significant data breach that exposed sensitive customer information. 

The cyber intrusion, which occurred on April 20, 2024, but remained undetected until October 4, 2024, has triggered mandatory breach notifications to affected individuals across multiple states, with formal notices sent to customers on March 14, 2025.

The data security incident remained undetected for nearly six months before California Cryobank’s security systems identified unauthorized access to their network. 

According to official breach notification documents filed with state regulators, threat actors gained entry to the company’s databases containing client personal identifiable information (PII).

“Our investigation determined that malicious actors leveraged a zero-day vulnerability in our client management system, to establish persistent access,” the company stated in its notification to affected customers. 

The attackers maintained access for approximately 12 hours before security protocols terminated the connection.

Exposed Data and Impact Assessment

While California Cryobank has not disclosed the total number of individuals affected nationwide, state filings indicate at least 28 Maine residents were impacted. 

Security experts estimate the total number could reach into the thousands given the organization’s extensive client base across North America.

According to the Office of the Maine Attorney General reports, the exposed information potentially includes customers’ names in combination with other sensitive personal identifiers. 

Given the nature of California Cryobank’s services, this breach raises particular concerns about the exposure of highly sensitive reproductive and genetic information.

A forensic investigation revealed that the attack utilized a sophisticated exfiltration technique known as “SQL injection” to extract customer records. 

This injection bypassed standard security protocols and allowed unauthorized database queries while attempting to cover tracks by compromising logging systems.

California Cryobank has engaged Baker & Hostetler LLP as outside counsel to manage legal compliance with data breach notification laws. Sara Goldstein, a partner at the firm, is overseeing the regulatory response process.

“We take this security incident extremely seriously given the sensitive nature of our clients’ information,” said a spokesperson for California Cryobank. 

“We have implemented additional security measures, including enhanced encryption protocols and multi-factor authentication requirements for all database access points.”

Security Measures

Affected individuals are being offered one year of complimentary credit monitoring and identity theft protection services through CyberScout. Customers are advised to:

• Enroll in the provided protection services immediately
• Monitor financial accounts for suspicious activity
• Consider placing fraud alerts with major credit bureaus
• Review any unusual communications claiming to be from California Cryobank

This breach highlights the growing cybersecurity challenges facing healthcare and reproductive technology organizations that maintain highly sensitive personal and medical information. 

Industry analysts note that such facilities are increasingly becoming targets for sophisticated threat actors due to the valuable nature of their data holdings.

California Cryobank has established a dedicated call center to address customer concerns and assist with enrollment in protection services as they continue working with law enforcement to investigate the full scope of the breach.