Key facts: CallonDoc data breach
- Date reported: January 22, 2026.
- Records exposed: 1,144,223 patient records.
- Data types: Patient names, addresses, phone numbers, email addresses, medical categories, and sensitive medical conditions.
- Incident timing: The breach allegedly occurred in December 2025.
- Threat status: Database reportedly listed for sale on a dark web forum for $5,000 USD.
- Severity: Classified as informational, though it involves high-risk exposure of private health information (PHI).
What happened in the CallonDoc data breach?
CallonDoc (callondoc.com) was involved in a data leak incident reported on January 22, 2026. No specific threat actor has been identified in connection with the event at this time, though the alias "iProfessor" has been linked to the dark web listing.
In December 2025, a significant data breach occurred involving the telemedicine platform, resulting in the exposure of 1,144,223 patient records. The compromised data includes sensitive information such as patient names, addresses, phone numbers, email addresses, medical categories, and conditions. The severity of this incident is classified as info, indicating an informational update regarding the alleged leak being sold on the dark web for $5,000 USD. Such incidents typically lead to heightened risks of targeted phishing and identity theft for affected individuals.
Who is behind the incident?
The attacker or cause of the incident has not been officially identified. However, reports from January 2026 indicate a threat actor using the name "iProfessor" claimed responsibility for the listing on a dark web forum.
Impact and risks for CallonDoc customers
For customers and patients of CallonDoc, the exposure of medical categories and personal contact details could lead to targeted phishing campaigns or identity theft. Credential abuse is a potential concern if users share passwords across multiple platforms. With sensitive medical conditions potentially exposed, there is also a risk of social engineering attacks designed to exploit private health information.
Similar incidents often result in long-term privacy concerns for affected individuals; users should monitor financial statements and enable multi-factor authentication on all sensitive accounts. Prompt transparency from organizations helps mitigate the long-term impact on consumer trust.
Frequently asked questions
What happened in the CallonDoc security breach?
On January 22, 2026, it was reported that CallonDoc (callondoc.com) suffered a major security incident. A threat actor allegedly exfiltrated over 1.1 million patient records in December 2025 and subsequently offered the database for sale on a dark web forum. The data includes sensitive personal and medical information.
When did the CallonDoc breach occur?
The CallonDoc breach was publicly reported on January 22, 2026. The actual intrusion and data exfiltration are believed to have taken place in December 2025.
What data was exposed?
The types of data involved in the CallonDoc incident include patient names, physical addresses, phone numbers, email addresses, medical diagnoses, and prescription information.
Is my personal information at risk?
If you interacted with CallonDoc, there's a possibility your personal information could be affected. Similar incidents often involve email addresses, login details, or financial records. Stay alert for updates and take precautionary measures to secure your accounts.
What steps should companies take after being impacted by the CallonDoc data breach?
CallonDoc is expected to secure its systems, notify affected parties, and provide guidance on protective actions. Organizations in this position typically review their security measures and deploy attack surface management to prevent future occurrences.
.jpg)
.jpg)
