CMS Data Breach Affects 100,000 Americans, Fraudulent Accounts Created

A significant data breach at the U.S. Centers for Medicare and Medicaid Services (CMS) has affected over 100,000 Americans. The breach, which was discovered during an investigation, revealed that fraudulent Medicare.gov accounts were created using personal information stolen from the CMS system. The compromised data includes Medicare Beneficiary Identifiers (MBI), coverage start dates, last names, dates of birth, and zip codes. Additionally, other personal information such as provider details, mailing addresses, dates of service, diagnosis codes, services received, and plan premium details may have been stolen.

The breach was first detected when the CMS’ 1-800-MEDICARE call center began receiving inquiries from beneficiaries who had received letters confirming the creation of Medicare.gov accounts they did not initiate. The investigation found that malicious actors had fraudulently created new accounts between 2023 and 2025 using valid beneficiary information. In response, CMS has taken several measures to mitigate the impact. All fraudulently created Medicare.gov accounts have been deactivated, and the ability to create new accounts from foreign IP addresses has been disabled. Additionally, CMS is sending letters to affected individuals, alerting them that they will receive a new Medicare card with a new Medicare number in the coming weeks.

Victims of the breach are advised to take proactive steps to protect their personal information. This includes obtaining free annual credit reports through www.annualcreditreport.com and filing reports with local law enforcement and the Federal Trade Commission if any identity theft incidents occur. Despite the breach, CMS has not received any reports of identity fraud or misuse of the stolen information resulting from the cyberattack.

The incident underscores the growing threat of cyberattacks targeting sensitive personal information. The use of personally identifiable information to create fraudulent accounts highlights the need for enhanced security measures to protect against such breaches. The CMS’s response, including the deactivation of fraudulent accounts and the issuance of new Medicare numbers, demonstrates a proactive approach to mitigating the impact of the breach. However, the long-term effects of the breach remain to be seen, and continued vigilance will be necessary to prevent future incidents.