Skip to main content
A dentist's chair in an office

Tieu Dental Corporation Data Breach

Written by Joseph Lyon on . Posted in Data Breach.

Tieu Dental Corporation is a medical practice based in Campbell, California, specializing in oral and maxillofacial surgery. Though a smaller practice by employee count, the sensitivity of the data it handles — surgical records, prescriptions, insurance details — makes its breach anything but minor. Contact a data breach lawyer to discuss your legal options. 

What Patient Information Was Compromised?

The unauthorized intrusion into Tieu Dental’s network took place over a narrow but damaging window between July 28 and July 29, 2025. A forensic investigation later confirmed that an unknown party may have accessed and removed files containing sensitive patient data. The company did not discover the extent of what had been taken until January 11, 2026 — roughly six months after the attack occurred.

The breach was officially reported to the California attorneys general on March 5, 2026. That timeline — attack in July, discovery in January, public disclosure in March — is the kind of gap that leaves patients exposed without any chance to protect themselves.

This breach stands out for the sheer breadth of what was potentially taken. Exposed information includes Social Security numbers, health insurance information, dates of birth, full names, medical records, prescriptions, and treatment plans. That combination is particularly dangerous. Individually, each data point creates risk. Together, they hand a bad actor nearly everything needed to commit medical identity theft, insurance fraud, or financial crimes — offenses that can take years to untangle and cause lasting damage to a victim’s credit, healthcare records, and financial standing.

California Law and What It Means for You

California holds businesses to some of the most demanding data security standards in the country. A new amendment to California’s data breach notification law, effective January 1, 2026, now requires covered companies to notify affected residents within 30 calendar days of discovering a breach. Whether Tieu Dental met that standard — given the months-long gap between discovery and public reporting — is a question worth asking. Patients who suffered harm from delayed notification may have grounds for legal action.

Dental practices are also covered entities under HIPAA, which imposes independent obligations to safeguard protected health information. A breach of this scope, involving surgical records and prescriptions, will almost certainly invite regulatory scrutiny on that front as well.

Why Hire The Lyon Firm?

Data breach victims often feel powerless against the corporations that failed to protect them. The Lyon Firm levels that playing field. With deep experience in consumer privacy litigation, the firm understands how to build a compelling case from breach timelines, notification failures, and documented harm — not just abstract legal theories.

The Lyon Firm represents clients on a contingency basis, so there is no cost to you unless your case results in a recovery. When a practice entrusted with your surgical history and Social Security number fails to keep that information secure, accountability is not optional — it is your right. Contact The Lyon Firm today for a free and confidential consultation.

CONTACT THE LYON FIRM TODAY

Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.