Notification of Data Security Incident 

November 12, 2025 – On or around February 3, 2025, TLCS, Inc. d/b/a Hope Cooperative (“TLCS”), discovered suspicious activity related to an employee email account. Upon discovery, TLCS took immediate action to address and investigate the event, which included engaging third-party incident response and data forensic specialists to assist with determining the nature and scope of the event. A thorough investigation determined that the impacted employee email account was subject to unauthorized access between January 15, 2025, and February 3, 2025. TLCS then began a thorough review of the contents of the account to determine the type(s) of information contained within the account and to whom that information related. Once this review was completed, TLCS began working to obtain up-to-date address information in order to provide potentially impacted individuals with notice as soon as possible.  Although TLCS has no evidence of actual misuse of information as a result of this event, TLCS is notifying potentially impacted individuals out of an abundance of caution. 

The types of information impacted may include individuals’ first and last name in combination with Social Security number, address information, date of birth, driver’s license or state identification card number, financial account number, financial account routing number,  prescription information, medical record number, Medicare identification number, Medicaid identification number, mental physical condition or diagnosis information, treatment information, diagnosis code, treatment location, procedure type, provider name, treatment cost, medical date of service, admission date, discharge date, prescription information, billing or claim information, health insurance claim number, health insurance subscriber member number, patient account number, and/or patient identification number. TLCS’s has established a dedicated call center to answer questions about the event and to address related concerns. The number for the dedicated call center is 1-800-405-6108. You may also contact us by writing to 650 Howe Ave #400-A, Sacramento, CA 95825. 

In response to this event, TLCS has implemented additional security measures within its systems and facilities and is reviewing its current policies and procedures related to data security. Although TLCS has no evidence of actual misuse of information as a result of this event, it is always prudent to review health care statements for accuracy and report any services or charges that were not incurred to the provider or insurance carrier. As a best practice, individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements for suspicious activity and to detect errors.  

Individuals may also place a fraud alert or credit freeze by contacting the credit reporting agencies: TransUnion 1-800-680-7289, P.O. Box 2000 Chester, PA 19016, transunion.com; Experian 1-888-397-3742, P.O. Box 9554 Allen, TX 75013, experian.com; Equifax 1-888-298-0045, P.O. Box 105069 Atlanta, GA 30348, equifax.com. Individuals can further educate themselves regarding identity theft, fraud alerts, credit freezes, and steps to protect their personal information by contacting the credit reporting bureaus, the Federal Trade Commission (“FTC”), or their state attorney general. The FTC may be reached at 600 Pennsylvania Ave. NW, Washington, D.C. 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should also be reported to law enforcement, the state attorney general, and the FTC.