Cybersecurity threats are a high priority, considering they affect every area of life as daily life integrates with technology. Data breaches may occur as a result, either accidentally or intentionally, even though organizations are consistently briefed on the best ways to protect their information. Nevada ranked 18th in terms of the victims affected in 2023 and lost over $200 million to cyber threats the same year. Most data breaches in the state focus on email account hacking, denial of service attacks or ransomware, malware, and phishing, where possible. The targeted areas are medical, educational, and entertainment platforms.

Identity Theft Statistics

Identity Theft
State Rank (Reports per 100K Population)
Identity Theft Reports
Fraud & Other
State Rank (Reports per 100K Population)
Total Fraud & Other Reports
Total Fraud Losses
Median Fraud Losses

Top Ten Report Categories

Identity Theft
Imposter Scams
Credit Bureaus, Iformation Furnishers and Report Users
Telephone and Mobile Services
Debt Collection
Banks and Lenders
Auto Related
Online Shopping and Negative Reviews
Prizes, Sweepstakes and Lotteries
Internet Services

Top Identity Theft Types

Credit Card Fraud
Other Identity Theft
Loan or Lease Fraud
Bank Fraud
Phone or Utilities Fraud
Employment or Tax-Related Fraud
Government Documents or Benefits Fraud

Nevada's Recent Biggest Data Breaches


Concentra Data Breach

Concentra, a Nevada-based medical transcription company, fell victim to a data breach incident that directly affected one of its contractors, PJ&A. Concentra indicated that it was not at fault, and lawsuits have since been leveled against PJ&A, citing negligence for not implementing the appropriate cybersecurity measures. Almost 4 million individuals were affected by the breach. The information compromised included birth dates, medical record details, admission diagnoses, and hospital account numbers. There was also a delay in issuing notification letters, hence the legal action. PJ&A has yet to indicate it will provide credit monitoring and identity protection.


Nevada School District Data Breach

In October 2023, Clark County School District became aware of a data breach that affected its email accounts. On discovering the nature of the event, the school district brought in a team of experts to investigate the incident. The investigation also found that the unauthorized party got limited information concerning students, employees, and parents. Information on 200,000 students was exposed, although the school district delayed notifying the affected individuals via mail. It did indicate some of the initiation of policies to secure its systems. Employees, for example, would lose the ability to forward emails to other addresses. Multifactor authentication would also be implemented on both shared and generic accounts.


Northern Nevada Medical Centre Data Breach

Northern Nevada Medical Centre experienced a data breach when its vendor, ESO, was infiltrated by ransomware. This occurred on September 28, 2023. Once they learned about the incident, ESO and the medical center began investigating it. ESO was also requested to issue notices to the individuals whose information was exposed during the breach. ESO then indicated that it had secured the deletion of all affected data and took steps to prevent it from being distributed. Some of the stolen information included phone numbers, names, addresses, and health insurance data.


Neurology Center of Nevada Data breach

In September 2022, the Neurology Center of Nevada indicated that it had experienced a data breach. The center first noticed the issue in July when specific systems on its network became inaccessible. The company alerted law enforcement agencies and restored access to these parts of its system before beginning a separate investigation. It also reviewed the information that was compromised and found that names, birth dates, addresses, Social Security, and health insurance information were exposed. The center also sent out notification letters to all who were affected due to the breach. These numbered some 11,700 individuals.


Nevada Health Centre Patient Data Breach

In December 2020, the Nevada Health Centre found that an unauthorized party illegally entered one employee's email account and accessed reports on patients. When the Health Centre discovered the breach, it initiated an investigation and utilized a third-party organization to assist in those efforts. The investigations revealed that the unauthorized party aimed to attain financial data concerning the organization rather than information concerning their patients. Up to date, though, there has not been any evidence to suggest that patient information found was for identity theft. That said, some information types exposed included names, telephone numbers, gender, race information, insurance details, and other clinical records. Nevada Health Centres indicated it was expanding the information protection and security processes to safeguard its privacy.

What Should You Do if You Are in a Breach?

Unfortunately, data breaches are pretty common now, considering our online connections and dependence on digital service delivery. Criminals work in the shadows to steal your personal information, so sometimes, it's only when you notice certain signs that ongoing fraud becomes apparent. These danger signs apply to both individuals and businesses.

Credit Card Charges

If you find unauthorized transactions on your credit card, there is a significant possibility your phone number, email address, or card number has been compromised.

Calls from
Debt Collectors

Phone calls or letters from collection agencies seeking debt payment for a loan you do not remember taking are also signs of identity theft.

New Credit Cards
or Loans in Your Name

A new line of credit in your name or a loan taken is a warning sign you are a victim of identity theft.

Surprise Credit
Score Drops

Sudden credit drops with no obvious cause are a sign of suspicious activities.

Unusual Activity on Your
Social Security Account

The federal government also considers social security numbers personal identifiers, so check your social security statement regularly to ensure no one has access to benefits without consent.

Inability to
to Accounts

If you are locked out of the account, it is usually because someone has hacked into it and changed the password. You should immediately try all possible recovery options and contact customer support if all fails.

Step-by-Step Process for Responding to a Data Breach


Contact Local Law Enforcement

As an individual or a business, report the incident to the police and file a police report.


Assess and Secure Compromised Areas

Identify which aspects of your information have been affected, such as emails, passwords, credit card numbers, social security numbers, full names, and phone numbers.


Contain the Breach

Isolate the affected system to prevent further damage.


Create New, Strong Passwords for All Accounts

This may involve changing usernames and passwords for compromised platforms, using strong passwords with a mix of upper and lower-case letters, digits, and special characters.


Notify Affected Institutions

Inform your bank, credit card companies, and other affected institutions. Request they close or freeze any accounts that may be implicated in the breach to reduce financial risk.


Update Security on Digital Accounts

Change passwords for all accounts affected by the breach. Make sure each password is totally unique, and you use two-factor verification as an additional layer of security.


Check for Malware

Examine your computers and mobile devices for installed malware. Install robust antivirus software to detect and remove any viruses or malicious software.


Freeze Your Credit

In cases of identity theft, contact all credit bureaus to freeze your credit.


Monitor Your Mail and Credit Reports

Keep an eye out for any unauthorized changes in your mail.


Engage Legal Assistance When Applicable

If you are a business, consider hiring a law firm experienced in handling data breaches.

Responsibilities of Companies that Have Been Breached

According to state regulations, businesses must notify all residents of a data breach if they assess that personal information has been compromised. The modes of data breach notification in Nevada are written and electronic notices. Substitute notice may be provided if the expenses of notifying individuals are more than $250,000 or more than 500,000 people have been affected by the breach. Notifications should also be issued to consumer reporting agencies if over 1,000 residents have to be alerted because of the incident. This notice would have to contain information on timing, distribution of the notification, and context.

Though Nevada state law does not have particular mandates for the notice content, it should have details like a description of the breach, the business's name, types of personal information exposed, and mitigation steps taken to safeguard personal information.

Substitute notices may also be provided if the organization does not have everyone's current contact details. If so, the entity may notify individuals via a widespread email. It can also do so by posting a conspicuous message on the website or to statewide media outlets.

If the Nevada attorney general's office has reason to believe that a business violates the notification laws, it can implement a legal action. Businesses that knowingly fail to do security breach notices can also get a fine of $5,000 for each failure to issue notice.


  • CHAPTER 603A - security and privacy of personal information deals with definitions and requirements for businesses. That is the obligation of all companies when information security is breached, and penalties if they fail to abide by these regulations.
  • Nevada Revised Statutes 603A requires that operators of websites and data collectors notify state residents when they have experienced a data breach. Operators and data collectors can also issue notices to the offices of the attorney general.