Center for Disability Services, Inc.

Center for Disability Services, Inc., a not-for-profit organization based in Albany, New York, experienced a data breach after an unauthorized actor gained access to multiple employee email accounts between June 19, 2025, and June 25, 2025. The incident exposed sensitive personally identifiable information (PII) and protected health information (PHI) of at least 3,343 individuals, including:

- Names
- Social Security numbers
- Driver’s license/state ID numbers
- Medical and health insurance details
- Financial account information
- Demographic data

The breach was disclosed to the U.S. Department of Health and Human Services (HHS) on August 8, 2025, following an internal investigation triggered by suspicious email activity detected on June 10, 2025. The compromised data poses significant risks of identity theft, financial fraud, and medical fraud, prompting legal investigations for potential compensation claims. Affected individuals were advised to enroll in credit monitoring, place fraud alerts, and seek legal recourse.

Source: https://www.claimdepot.com/investigations/center-for-disability-services-data-breach-2025

TPRM report: https://www.rankiteo.com/company/center-for-disability-services

"id": "cen539090325",
"linkid": "center-for-disability-services",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '3,343 Individuals',
                        'industry': 'Healthcare / Disability Services',
                        'location': 'Albany, New York, USA',
                        'name': 'Center for Disability Services, Inc.',
                        'size': '~2,700 Employees, 80+ Locations',
                        'type': 'Non-Profit Organization'}],
 'attack_vector': 'Unauthorized Access to Employee Email Accounts',
 'customer_advisories': ['Review and save notification letters.',
                         'Enroll in credit monitoring services if offered.',
                         'Monitor financial statements for unauthorized '
                         'activity.',
                         'Consider placing a fraud alert or credit freeze.',
                         'Seek legal assistance for compensation claims.'],
 'data_breach': {'data_exfiltration': 'Likely (Email Access Suggests Data '
                                      'Theft)',
                 'number_of_records_exposed': '3,343',
                 'personally_identifiable_information': ['Name',
                                                         'Social Security '
                                                         'Number',
                                                         "Driver's "
                                                         'License/State ID',
                                                         'Demographic '
                                                         'Information',
                                                         'Medical Information',
                                                         'Health Insurance '
                                                         'Information',
                                                         'Financial Account '
                                                         'Information'],
                 'sensitivity_of_data': 'High (Includes SSN, Medical, and '
                                        'Financial Data)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_detected': '2025-06-10',
 'date_publicly_disclosed': '2025-08-08',
 'description': 'Shamis & Gentile P.A. is investigating a data breach at '
                'Center for Disability Services, Inc., a not-for-profit '
                'organization based in Albany, New York. An unauthorized actor '
                'gained access to multiple employee email accounts between '
                'June 19, 2025, and June 25, 2025, compromising the personal '
                'and protected health information of at least 3,343 '
                'individuals. The breach exposed sensitive data including '
                "names, Social Security numbers, driver's license/state ID "
                'numbers, medical information, health insurance details, and '
                'financial account information. The incident was disclosed to '
                'the U.S. Department of Health and Human Services on August 8, '
                '2025.',
 'impact': {'brand_reputation_impact': 'Potential Reputation Damage (Under '
                                       'Investigation)',
            'data_compromised': ['Name',
                                 'Demographic Information',
                                 'Social Security Number',
                                 "Driver's License or State ID Card",
                                 'Medical Information',
                                 'Health Insurance Information',
                                 'Financial Account Information'],
            'identity_theft_risk': 'High (Sensitive PII and PHI Exposed)',
            'legal_liabilities': 'Potential Lawsuits for Compensation',
            'payment_information_risk': 'Moderate (Financial Account '
                                        'Information Exposed)',
            'systems_affected': ['Employee Email Network']},
 'initial_access_broker': {'entry_point': 'Employee Email Accounts',
                           'high_value_targets': 'Employee Emails (Potential '
                                                 'PII/PHI Access)'},
 'investigation_status': 'Ongoing (Class Action Investigation by Shamis & '
                         'Gentile P.A.)',
 'recommendations': ['Enroll in free credit monitoring and identity protection '
                     'services if offered.',
                     'Monitor financial accounts for suspicious activity.',
                     'Place a fraud alert on credit reports.',
                     'Request free annual credit reports from major bureaus.',
                     'Seek legal counsel if affected.'],
 'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
                {'source': 'Center for Disability Services, Inc. Notice of '
                           'Data Breach'},
                {'date_accessed': '2025-08-08',
                 'source': 'U.S. Department of Health and Human Services (HHS) '
                           'Breach Portal'}],
 'regulatory_compliance': {'legal_actions': 'Under Investigation (Class Action '
                                            'Lawsuit Potential)',
                           'regulations_violated': ['Potential HIPAA Violation '
                                                    '(Health Insurance '
                                                    'Portability and '
                                                    'Accountability Act)'],
                           'regulatory_notifications': ['U.S. Department of '
                                                        'Health and Human '
                                                        'Services (HHS)']},
 'response': {'communication_strategy': ['Notice of Data Breach Posted on '
                                         'Website',
                                         'Disclosure to U.S. Department of '
                                         'Health and Human Services (HHS)',
                                         'Offer of Free Credit Monitoring and '
                                         'Identity Protection Services (if '
                                         'applicable)'],
              'incident_response_plan_activated': True},
 'stakeholder_advisories': ["Notice of Data Breach posted on organization's "
                            'website.',
                            'Potential legal advisories for affected '
                            'individuals.'],
 'threat_actor': 'Unauthorized Actor (Unknown)',
 'title': 'Center for Disability Services, Inc. Data Breach (2025)',
 'type': 'Data Breach (Email Compromise)'}