On Nov. 26, 2025, Search, Inc., a Chicago-based nonprofit, disclosed a data security incident. The breach was first detected on March 10, 2025, when unusual activity was discovered in one of the organization’s email accounts. Upon identifying the suspicious activity, Search, Inc. secured the affected account and brought in a specialized third-party cybersecurity firm to conduct a comprehensive forensic investigation.
The investigation revealed that a single email account had been compromised. After securing the account, Search, Inc. undertook a detailed review to determine what information was potentially exposed and which individuals were affected.
The data at risk varied for each person but included a wide range of sensitive information: name, Social Security number, financial account information, credit card information and access code, driver’s license or state identification card number, contact and demographic information, passport information, medical information, health insurance information, public benefit or program identification number, login username and password, date of birth and, in some cases, date of death.
Search, Inc.'s response
To support those affected, Search, Inc. has mailed individual notifications to impacted persons, detailing what specific information was involved for each recipient. The organization encourages all potentially affected individuals to remain vigilant by monitoring their account statements and credit reports for any signs of susp
Source: https://www.claimdepot.com/data-breach/search20inc-2025
TPRM report: https://www.rankiteo.com/company/search-inc.
"id": "sea1764367328",
"linkid": "search-inc.",
"type": "Breach",
"date": "03/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': None,
'industry': 'Nonprofit/Social Services',
'location': 'Chicago, Illinois, USA',
'name': 'Search, Inc.',
'size': None,
'type': 'Nonprofit Organization'}],
'attack_vector': 'Unauthorized Access (Email Account Compromise)',
'customer_advisories': ['Monitor account statements and credit '
'reports for suspicious activity'],
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSN, '
'financial, medical, and '
'login credentials)',
'type_of_data_compromised': ['Personally '
'Identifiable '
'Information (PII)',
'Financial Data',
'Medical/Health '
'Information',
'Authentication '
'Credentials',
'Government-Issued '
'Identification']},
'date_detected': '2025-03-10',
'date_publicly_disclosed': '2025-11-26',
'description': 'On Nov. 26, 2025, Search, Inc., a Chicago-based '
'nonprofit, disclosed a data security incident '
'where a single email account was compromised. '
'The breach was first detected on March 10, 2025, '
'exposing a wide range of sensitive personal '
'information, including Social Security numbers, '
'financial data, medical records, and login '
'credentials. The organization secured the '
'account, engaged a third-party cybersecurity '
'firm for forensic investigation, and notified '
'affected individuals via mail, advising '
'vigilance against potential fraud.',
'impact': {'brand_reputation_impact': 'Potential reputational '
'harm due to exposure of '
'highly sensitive personal '
'data',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ['Name',
'Social Security Number',
'Financial Account Information',
'Credit Card Information and '
'Access Code',
'Driver’s License or State '
'Identification Card Number',
'Contact and Demographic '
'Information',
'Passport Information',
'Medical Information',
'Health Insurance Information',
'Public Benefit or Program '
'Identification Number',
'Login Username and Password',
'Date of Birth',
'Date of Death (in some cases)'],
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High (due to exposure of PII, '
'financial, and medical data)',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'High (credit card '
'information and access '
'codes exposed)',
'revenue_loss': None,
'systems_affected': ['Email Account']},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': 'Email Account '
'Compromise',
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Completed (forensic investigation by '
'third-party firm)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': ['Mailed individual '
'notifications to '
'affected persons with '
'details of exposed '
'information',
'Advisories to monitor '
'account statements and '
'credit reports'],
'containment_measures': ['Secured the compromised '
'email account'],
'enhanced_monitoring': None,
'incident_response_plan_activated': True,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': ['Specialized third-party '
'cybersecurity firm '
'(forensic '
'investigation)']},
'title': 'Search, Inc. Data Security Incident (2025)',
'type': 'Data Breach (Email Account Compromise)'}