Ransomware victim disclosure
← All victimsPlaza Dental Group
listed as Plazadental · Claimed by Obscura · listed 10 months ago
Status timeline
- ListedSep 5, 2025
- Data leakeddate unknown
At a glance
- Group
- Obscura
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Sep 5, 2025
About the victim
AI dossier — public-source company profilePlaza Dental Group is a dental clinic located in San Jose, California, offering a broad range of dental services including general, cosmetic, restorative, orthodontic, and specialized care. The practice is led by Dr. Bangalore and serves individual and family patients in the San Jose area. The office is scheduled to close on March 12, 2026.
- Industry
- Dental Healthcare Services
- Address
- 4205 San Felipe Road, Suite 200, San Jose, CA
Attack summary
Severity: critical — The victim is a healthcare provider (dental clinic) in the US; data_published status confirms exfiltration occurred. Dental records constitute protected health information (PHI) under HIPAA, representing regulated sensitive medical and personal data at scale.The ransomware group Obscura claims to have attacked Plaza Dental Group and has published data (disclosed status: data_published), indicating exfiltration of patient and business records from the dental clinic. No ransom amount was stated and no specific data volume was disclosed in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Patient dental records
- Patient personal information
- Insurance and financial records
- Contact and appointment information
What the group claims
Dental clinics in San Jose
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

