Gladney Center Reports Dual Data Breaches Impacting Sensitive Personal and Health Information
In February 2026, the Gladney Center disclosed a pair of data breaches that compromised sensitive personal and protected health information (PHI) of individuals under its care. The incidents, which occurred in February and April 2025, targeted a section of the organization’s network, exposing data stored in email accounts to unauthorized access.
The first breach was detected in February 2025, prompting an internal investigation. During this review, Gladney Center uncovered a second, unrelated incident in April 2025, linked to a third-party system vulnerability affecting the same network segment. The breaches potentially exposed a range of sensitive data, including:
- Full names
- Social Security numbers
- Dates of birth
- Driver’s license or state ID numbers
- Email addresses and passwords
- Passport numbers
- Usernames and passwords
- Medical information
On February 3, 2026, Gladney Center began notifying affected individuals via mail, detailing the specific types of compromised data and offering complimentary credit monitoring services. The breach notice was filed with the Attorney General of New Hampshire, where the incident was made public. The full scope of impacted individuals and the exact timeline of unauthorized access remain under review.
Source: https://straussborrelli.com/2026/02/09/the-gladney-center-of-adoption-data-breach-investigation/
Gladney Center for Adoption cybersecurity rating report: https://www.rankiteo.com/company/gladneycenter
"id": "GLA1770681334",
"linkid": "gladneycenter",
"type": "Breach",
"date": "2/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'United States',
'name': 'Gladney Center',
'type': 'Non-profit/Healthcare'}],
'attack_vector': 'Third-party system vulnerability, Unauthorized access to '
'email accounts',
'customer_advisories': 'Notification via mail detailing compromised data and '
'offering complimentary credit monitoring services',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Full names',
'Social Security numbers',
'Dates of birth',
'Driver’s license or state ID '
'numbers',
'Email addresses and passwords',
'Passport numbers',
'Usernames and passwords',
'Medical information']},
'date_detected': '2025-02-01',
'date_publicly_disclosed': '2026-02-03',
'description': 'Gladney Center disclosed a pair of data breaches that '
'compromised sensitive personal and protected health '
'information (PHI) of individuals under its care. The '
'incidents occurred in February and April 2025, targeting a '
'section of the organization’s network and exposing data '
'stored in email accounts to unauthorized access.',
'impact': {'data_compromised': 'Sensitive personal and protected health '
'information (PHI)',
'identity_theft_risk': 'High',
'systems_affected': 'Email accounts, Network segment'},
'investigation_status': 'Under review',
'references': [{'source': 'Attorney General of New Hampshire'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA'],
'regulatory_notifications': ['Attorney General of '
'New Hampshire']},
'response': {'communication_strategy': 'Notification via mail, Complimentary '
'credit monitoring services'},
'title': 'Gladney Center Dual Data Breaches',
'type': 'Data Breach',
'vulnerability_exploited': 'Third-party system vulnerability'}