Sono Bello data breach exposes sensitive information of customers and employees

Sono Bello, a healthcare services provider specializing in cosmetic procedures, reported a data breach to the Attorney General of Montana after discovering that an unauthorized party had gained access to a company email account. The breach, which occurred between May 14, 2024, and May 16, 2024, compromised sensitive information, including certain individuals’ names and Social Security numbers.

Sono Bello became aware of the incident and promptly secured the affected email account, initiating an investigation with the assistance of external cybersecurity professionals. On August 21, 2024, the investigation confirmed that the compromised email account contained confidential information, but no other parts of the company’s IT infrastructure were affected.

Following the discovery, Sono Bello reviewed the affected files to identify the individuals whose data had been accessed. The company began sending data breach notification letters on September 11, 2024, to those impacted by the breach, outlining the specific details of the information exposed. The exposed data, including Social Security numbers, could be exploited by malicious actors.

Headquartered in Kirkland, Washington, Sono Bello operates over 100 locations nationwide, specializing in liposuction, body contouring, and excess skin removal. The company employs more than 2,674 individuals and works with over 185 board-certified surgeons, generating approximately $392 million in annual revenue.