Philadelphia Corporation for Aging (PCA)

Philadelphia Corporation for Aging (PCA), a nonprofit serving as Philadelphia’s Area Agency on Aging, experienced a data breach between July 10–25, 2025, where cybercriminals copied sensitive personal information of older adults and individuals with disabilities. The exposed data may include names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, health insurance details, and medical records. PCA completed its investigation by October 23, 2025, and notified affected individuals in November 2025, but did not disclose the total number of victims. The breach poses risks of identity theft, financial fraud, and medical fraud, prompting PCA to offer 12 months of free credit monitoring. Legal firms are investigating potential compensation claims for impacted individuals, highlighting the severity of the incident given the vulnerability of the affected population (elderly and disabled).

Source: https://www.claimdepot.com/investigations/philadelphia-corporation-for-aging-data-breach-2025

TPRM report: https://www.rankiteo.com/company/philadelphia-corporation-for-aging

"id": "phi5392353110525",
"linkid": "philadelphia-corporation-for-aging",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Healthcare / Social Services (Area Agency '
                                    'on Aging)',
                        'location': 'Philadelphia, Pennsylvania, USA',
                        'name': 'Philadelphia Corporation for Aging (PCA)',
                        'type': 'Nonprofit Organization'}],
 'customer_advisories': 'Written notifications sent to affected individuals '
                        '(starting November 4, 2025) with recommendations for '
                        'credit monitoring and fraud protection',
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (includes PII and protected '
                                        'health information)',
                 'type_of_data_compromised': ['Name',
                                              'Address',
                                              'Phone number',
                                              'Email address',
                                              'Date of birth',
                                              'Social Security number',
                                              'Health insurance information',
                                              'Medical information']},
 'date_detected': '2025-07-25',
 'date_resolved': '2025-10-23',
 'description': 'Philadelphia Corporation for Aging (PCA), a nonprofit Area '
                'Agency on Aging, discovered unauthorized network activity on '
                'July 25, 2025. An investigation revealed that between July '
                '10, 2025, and July 25, 2025, sensitive personal information '
                'of individuals may have been copied by a cybercriminal. PCA '
                'completed its review on October 23, 2025, and began notifying '
                'affected individuals on November 4, 2025. The types of '
                'exposed data and total number of affected individuals remain '
                'undisclosed.',
 'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
                                       'exposure of sensitive PII and medical '
                                       'data',
            'data_compromised': True,
            'identity_theft_risk': 'High (due to exposure of SSNs, health '
                                   'insurance, and medical data)',
            'legal_liabilities': 'Potential lawsuits and compensation claims '
                                 '(e.g., via Shamis & Gentile P.A.)'},
 'initial_access_broker': {'high_value_targets': 'Sensitive PII and medical '
                                                 'data of older '
                                                 'adults/disabled individuals',
                           'reconnaissance_period': 'Potential activity '
                                                    'between July 10, 2025, '
                                                    'and July 25, 2025'},
 'investigation_status': 'Completed (as of October 23, 2025)',
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Enroll in free credit monitoring (TransUnion Cyberscout) '
                     'for 12 months',
                     'Monitor financial accounts for suspicious activity',
                     'Place a fraud alert on credit reports',
                     'Request free annual credit reports from major bureaus',
                     'Seek legal counsel for potential compensation claims'],
 'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'}],
 'regulatory_compliance': {'legal_actions': 'Potential class-action lawsuits '
                                            '(e.g., via Shamis & Gentile '
                                            'P.A.)'},
 'response': {'communication_strategy': 'Written notifications sent to '
                                        'affected individuals starting '
                                        'November 4, 2025',
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'recovery_measures': 'Offered 12 months of free TransUnion '
                                   'Cyberscout single-bureau credit monitoring '
                                   'to affected individuals'},
 'threat_actor': 'Cybercriminal (unspecified)',
 'title': 'Philadelphia Corporation for Aging Data Breach (July 2025)',
 'type': 'Data Breach'}