A large-scale data exposure incident has come to light involving the Gladney Center for Adoption, a U.S.-based non-profit that helps connect children with adoptive families. According to a cybersecurity researcher, an unsecured database containing over a million sensitive records was recently discovered online.
The breach was uncovered by Jeremiah Fowler, a researcher who specializes in finding misconfigured databases. Earlier this week, he came across a large file measuring 2.49 gigabytes that was publicly accessible and unprotected by a password or encryption.
Inside the database were more than 1.1 million entries, including names and personal information of children, biological parents, adoptive families, employees, and potential applicants. Details such as phone numbers, mailing addresses, and information about individuals' approval or rejection for adoption were also found. Even private data related to biological fathers was reportedly visible.
Experts warn that this kind of data, if accessed by malicious actors, could be extremely dangerous. Scammers could exploit the information to create convincing fake emails targeting people in the database. These emails could trick individuals into clicking harmful links, revealing banking details, or paying fake fees, leading to financial fraud, identity theft, or even ransomware attacks.
To illustrate, a criminal could pretend to be an official from the adoption agency, claiming that someone’s previous application had been reconsidered but that urgent action and a payment were required to proceed. Although this is just a hypothetical scenario, it highlights how exposed data could be misused.
The positive takeaway is that there is currently no evidence suggesting that cybercriminals accessed the database before it was found by Fowler. Upon discovering the breach, he immediately alerted the Gladney Center, and the organization took quick action to restrict access.
However, it remains unclear how long the database had been publicly available or whether any information was downloaded by unauthorized users. It’s also unknown whether the database was directly managed by Gladney or by an external vendor. What is confirmed is that the data was generated by a Customer Relationship Management (CRM) system, software used to track and manage interactions with clients.
This incident serves as a strong reminder for organizations handling personal data to regularly review their digital systems for vulnerabilities and to apply proper safeguards like encryption and password protection.