Harbor Regional Center, a California-based nonprofit supporting individuals with developmental disabilities, experienced a data breach in September 2025 after unauthorized access to an employee’s email account. The incident exposed sensitive personally identifiable information (PII), including names, addresses, dates of birth, Social Security numbers, phone numbers, medical records, and health insurance details. While the breach was contained by resetting passwords and launching a forensic investigation, the exposed data poses significant risks of identity theft, financial fraud, and misuse of protected health information (PHI). Affected individuals were notified via mail and offered complimentary credit monitoring, but the breach’s long-term consequences—such as potential legal liabilities, reputational damage, and emotional distress for victims—remain unresolved. The organization faces potential class-action lawsuits for failing to prevent the exposure of highly sensitive data.
Source: https://www.claimdepot.com/investigations/harbor-regional-center-data-breach-2025
Harbor Regional Center cybersecurity rating report: https://www.rankiteo.com/company/harbor-regional-center
"id": "HAR0415504112525",
"linkid": "harbor-regional-center",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare / Social Services '
'(Developmental Disabilities Support)',
'location': 'Torrance, California, USA',
'name': 'Harbor Regional Center',
'type': 'Nonprofit Organization'}],
'attack_vector': 'Compromised Employee Email Account',
'customer_advisories': ['Mail notifications sent to affected individuals.',
'Offer of complimentary credit monitoring services.'],
'data_breach': {'data_exfiltration': 'Potential (unconfirmed if data was '
'exfiltrated or only accessed)',
'personally_identifiable_information': ['Name',
'Address',
'Date of Birth',
'Social Security '
'Number',
'Phone Number',
'Medical Information',
'Health Insurance '
'Information'],
'sensitivity_of_data': 'High (includes SSNs, medical records, '
'and health insurance details)',
'type_of_data_compromised': ['Protected Health Information '
'(PHI)',
'Personally Identifiable '
'Information (PII)']},
'date_detected': '2025-09-02',
'description': 'Harbor Regional Center, a nonprofit organization providing '
'services for individuals with developmental disabilities, '
'experienced a data security incident in September 2025. '
'Unauthorized access to an employee email account led to the '
'potential exposure of protected health information (PHI) and '
'personally identifiable information (PII) of affected '
'individuals. The breach was discovered on September 2, 2025, '
'and a forensic investigation confirmed the exposure of '
'sensitive data by September 29, 2025. Affected individuals '
'were notified via mail and offered complimentary credit '
'monitoring services. The exposed data may include names, '
'addresses, dates of birth, Social Security numbers, phone '
'numbers, medical information, and health insurance details.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive PHI/PII; class '
'action investigation initiated by '
'Shamis & Gentile P.A.',
'data_compromised': ['Name',
'Address',
'Date of Birth',
'Social Security Number',
'Phone Number',
'Medical Information',
'Health Insurance Information'],
'identity_theft_risk': 'High (exposed SSNs, medical, and insurance '
'data)',
'legal_liabilities': 'Potential lawsuits for compensation (e.g., '
'reimbursement for out-of-pocket expenses, '
'emotional distress)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account',
'high_value_targets': ['Protected Health '
'Information (PHI)',
'Personally Identifiable '
'Information (PII)']},
'investigation_status': 'Ongoing (forensic investigation completed; class '
'action investigation active)',
'recommendations': ['Sign up for free identity theft protection services '
'offered by Harbor Regional Center.',
'Monitor financial statements for suspicious activity.',
'Place a fraud alert on credit reports.',
'Request free annual credit reports from major bureaus.',
'Seek legal counsel to explore compensation options.'],
'references': [{'source': 'Shamis & Gentile P.A. Class Action Investigation'}],
'regulatory_compliance': {'legal_actions': ['Class action investigation by '
'Shamis & Gentile P.A.'],
'regulations_violated': ['Potential HIPAA '
'violations (exposure of '
'PHI)']},
'response': {'communication_strategy': ['Mail notifications to affected '
'individuals',
'Public disclosure via class action '
'investigation announcement'],
'containment_measures': ['Password reset for affected email '
'account'],
'incident_response_plan_activated': True,
'recovery_measures': ['Credit monitoring services offered to '
'affected individuals'],
'third_party_assistance': ['Forensic Investigation Team']},
'title': 'Harbor Regional Center Data Breach (2025)',
'type': 'Data Breach (Unauthorized Access)'}