Eckerd Connects, a nonprofit specializing in workforce development, juvenile justice, and child welfare, suffered a data breach discovered on November 11, 2024. An investigation confirmed that personal and protected health information (PHI) was compromised, including names, addresses, dates of birth, Social Security numbers, health insurance details, and medical records (diagnoses, treatments, conditions). The breach exposed sensitive data of employees, clients, and potentially 376,000+ individuals served since its founding. While the full scope remains under review, the incident poses risks of identity theft, financial fraud, and unauthorized access to medical histories. Affected parties may face long-term consequences, including credit damage, emotional distress, and legal liabilities. The organization has not yet disclosed the attack vector, but the exposure of SSNs and PHI suggests a severe violation of privacy with potential regulatory repercussions (e.g., HIPAA non-compliance).
Source: https://www.claimdepot.com/investigations/eckerd-connects-data-breach-2025
TPRM report: https://www.rankiteo.com/company/eckerdconnects
"id": "eck1792917092925",
"linkid": "eckerdconnects",
"type": "Breach",
"date": "11/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Social Services (Workforce Development, '
'Juvenile Justice, Education, Child '
'Welfare, Family Support)',
'location': 'United States (multiple states and '
'Washington, D.C.)',
'name': 'Eckerd Youth Alternatives Inc. dba Eckerd '
'Connects',
'size': 'Hundreds of employees; impacted over 376,000 '
'individuals since inception',
'type': 'Nonprofit Organization'}],
'customer_advisories': ['Review and save notification letters.',
'Enroll in credit monitoring services.',
'Monitor accounts for unauthorized activity.',
'Consider placing a fraud alert.',
'Contact financial institutions if suspicious '
'activity is detected.',
'Seek legal help for compensation claims.'],
'data_breach': {'data_exfiltration': 'Suspected (under investigation)',
'personally_identifiable_information': ['Names',
'Addresses',
'Dates of birth',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High (includes SSNs, health '
'insurance, and medical treatment '
'details)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2024-11-11',
'date_publicly_disclosed': '2025-09-26',
'description': 'Shamis & Gentile P.A. is investigating a data breach at '
'Eckerd Youth Alternatives Inc. dba Eckerd Connects, a '
'nonprofit organization specializing in workforce development, '
'juvenile justice, education, child welfare, and family '
'support. The breach involved suspicious activity discovered '
'on or around Nov. 11, 2024, with personal and protected '
'health information potentially compromised. The organization '
'disclosed the incident publicly on Sept. 26, 2025, and '
'affected individuals will be notified by mail upon completion '
'of the investigation.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of sensitive personal and '
'health information',
'data_compromised': ['Names',
'Addresses',
'Dates of birth',
'Social Security numbers',
'Health insurance information',
'Medical condition, treatment or diagnosis '
'information'],
'identity_theft_risk': 'High (due to exposure of SSNs, health '
'insurance, and medical data)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'for affected individuals'},
'investigation_status': 'Ongoing (as of Sept. 26, 2025)',
'recommendations': ['Enroll in free credit monitoring services if offered.',
'Monitor financial statements for suspicious activity.',
'Place a fraud alert with credit bureaus.',
'Request free annual credit reports.',
'Seek legal counsel to understand rights and potential '
'compensation.'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'date_accessed': '2025-09-26',
'source': 'Eckerd Connects Notice of Data Security Incident'}],
'regulatory_compliance': {'legal_actions': 'Potential class-action lawsuits '
'(investigation by Shamis & '
'Gentile P.A.)'},
'response': {'communication_strategy': 'Public notice published on website '
'(Sept. 26, 2025); impacted '
'individuals to be notified by mail '
'post-investigation. Credit monitoring '
'services offered to affected parties.',
'incident_response_plan_activated': 'Yes (investigation launched '
'following detection of '
'suspicious activity)'},
'stakeholder_advisories': 'Impacted individuals and families will be notified '
'by mail post-investigation.',
'title': 'Eckerd Connects Data Breach Investigation',
'type': 'Data Breach'}