Recently, Catholic Charities announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice shared on its website, on July 30, 2025, Catholic Charities discovered unusual activity on its network.1 As a result, Catholic Charities launched an investigation to determine the nature of the incident.
Through its investigation, Catholic Charities confirmed that sensitive personal information and protected health information in its systems may have been accessed by an unauthorized third party between March 29 and July 31, 2025. As a result, Catholic Charities began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
Name
Social Security number
Address
Phone number
Email address
Driver’s license or state ID number
Taxpayer ID number
Date of birth
Medical information (medical diagnosis/treatment information, prescription information, date of service, patient ID number, provider name, medical record number, Medicare/Medicaid number)
Health insurance information (health insurance claim number, health insurance policy number, treatment cost information)
On September 26, 2025, Catholic Charities posted notice of the breach on its website. Additionall
TPRM report: https://www.rankiteo.com/company/charitiesboston
"id": "cha1764815949",
"linkid": "charitiesboston",
"type": "Breach",
"date": "2025-12-03T00:00:00.000Z",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': None,
'industry': 'Healthcare/Social Services',
'location': None,
'name': 'Catholic Charities',
'size': None,
'type': 'Non-profit Organization'}],
'customer_advisories': 'Breach notice posted on website '
'(2025-09-26)',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Potential (unauthorized '
'access confirmed)',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSN, '
'medical records, health '
'insurance details)',
'type_of_data_compromised': ['Personally '
'Identifiable '
'Information (PII)',
'Protected Health '
'Information '
'(PHI)']},
'date_detected': '2025-07-30',
'date_publicly_disclosed': '2025-09-26',
'description': 'Catholic Charities announced a data breach where '
'sensitive personal identifiable information '
'(PII) and protected health information (PHI) may '
'have been compromised. Unusual network activity '
'was detected on July 30, 2025, leading to an '
'investigation that confirmed unauthorized access '
'between March 29 and July 31, 2025. The exposed '
'data includes names, Social Security numbers, '
'addresses, phone numbers, email addresses, '
'driver’s license/state ID numbers, taxpayer ID '
'numbers, dates of birth, and extensive medical '
'and health insurance information.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ['Name',
'Social Security number',
'Address',
'Phone number',
'Email address',
'Driver’s license or state ID '
'number',
'Taxpayer ID number',
'Date of birth',
'Medical information '
'(diagnosis/treatment, '
'prescription info, date of '
'service, patient ID, provider '
'name, medical record number, '
'Medicare/Medicaid number)',
'Health insurance information '
'(claim number, policy number, '
'treatment cost info)'],
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High (PII and PHI exposed)',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing (review of impacted data and '
'affected individuals in progress)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': '2025-09-26',
'source': 'Catholic Charities Breach Notice',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Public breach notice '
'posted on website '
'(2025-09-26)',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': True,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Unauthorized third party',
'title': 'Catholic Charities Data Breach',
'type': 'Data Breach'}}