Between July 10 and July 25, 2025, an unauthorized actor infiltrated PCA’s internal network, exfiltrating sensitive personal and medical data of individuals. The compromised information includes names, addresses, dates of birth, Social Security numbers, medical records, and health insurance details. PCA confirmed the breach on October 23, 2025, after a forensic review, and began notifying affected individuals via mail on November 4, 2025. While only three Maine residents were officially reported, the total nationwide impact remains undisclosed. The breach triggered regulatory disclosures to the Maine Attorney General’s office, alongside federal notifications. PCA responded by securing systems, engaging cybersecurity experts, and offering 12 months of free credit monitoring (TransUnion Cyberscout), fraud assistance, and remediation services to victims. The incident exposes affected individuals to risks of identity theft, financial fraud, and targeted phishing attacks, with PCA advising vigilance through credit freezes, fraud alerts, and monitoring of financial accounts. A dedicated assistance line was established for inquiries.
Source: https://www.claimdepot.com/data-breach/philadelphia-corporation-for-aging-2025
TPRM report: https://www.rankiteo.com/company/philadelphia-corporation-for-aging
"id": "phi0992509110525",
"linkid": "philadelphia-corporation-for-aging",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'At least 3 (Maine residents), '
'total nationwide unspecified',
'industry': 'Healthcare / Aging Services',
'location': 'Philadelphia, Pennsylvania, USA',
'name': 'Philadelphia Corporation for Aging (PCA)',
'type': 'Non-profit Organization'}],
'customer_advisories': {'assistance_line': '1-833-647-0358 (Monday–Friday, '
'8:00 a.m.–8:00 p.m. ET)',
'notification_method': 'Mail (starting Nov. 4, 2025)',
'services_offered': '12 months of TransUnion '
'Cyberscout credit monitoring, '
'fraud assistance, and '
'remediation'},
'data_breach': {'data_exfiltration': 'Likely (data copied by unauthorized '
'actor)',
'number_of_records_exposed': 'At least 3 (Maine residents), '
'total unspecified',
'personally_identifiable_information': ['Names',
'Addresses',
'Dates of Birth',
'Social Security '
'Numbers',
'Medical Information',
'Health Insurance '
'Information'],
'sensitivity_of_data': 'High (includes SSNs, medical, and '
'health insurance data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-07-25',
'date_publicly_disclosed': '2025-11-04',
'description': 'On or about July 25, 2025, Philadelphia Corporation for Aging '
'(PCA) detected suspicious activity within its internal '
'network, signaling a potential cybersecurity incident. An '
'investigation found that between July 10 and July 25, 2025, '
'an unauthorized actor may have accessed and copied sensitive '
'information from PCA’s systems. Compromised information may '
'include names, addresses, dates of birth, Social Security '
'numbers, medical information, and health insurance '
'information.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Dates of Birth',
'Social Security Numbers',
'Medical Information',
'Health Insurance Information'],
'identity_theft_risk': 'High (PII and medical data exposed)'},
'investigation_status': 'Completed (data review finalized on Oct. 23, 2025)',
'post_incident_analysis': {'corrective_actions': ['Systems secured',
'Engaged external '
'cybersecurity experts',
'Offered credit monitoring '
'and fraud assistance to '
'affected individuals']},
'recommendations': ['Sign up for the free 12-month TransUnion Cyberscout '
'credit monitoring, fraud assistance, and remediation '
'services offered by PCA.',
'Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing emails or phone calls exploiting '
'exposed information.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': 'Maine Attorney General’s Office Breach Notice'},
{'source': 'Philadelphia Corporation for Aging (PCA) Customer '
'Advisory'}],
'regulatory_compliance': {'regulatory_notifications': [{'authority': 'Maine '
'Attorney '
'General’s '
'Office',
'date': '2025-11-04'},
{'authority': 'Other '
'state '
'and '
'federal '
'agencies '
'(unspecified)',
'date': None}]},
'response': {'communication_strategy': 'Mail notifications to affected '
'individuals (starting Nov. 4, 2025); '
'assistance line established '
'(1-833-647-0358)',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': 'Systems secured; credit monitoring and '
'fraud assistance offered to affected '
'individuals',
'third_party_assistance': 'External cybersecurity experts '
'engaged'},
'title': 'Philadelphia Corporation for Aging (PCA) Data Breach - July 2025',
'type': 'Data Breach'}