Adoption Agency Data Breach Exposes Children and Parents’ Info
▼ Summary
– Security researcher Jeremiah Fowler discovered a publicly accessible database containing sensitive adoption-related data, including biological parent identities and medical records.
– Fowler identified the database as belonging to the Texas-based Gladney Center for Adoption and notified them, leading to its silent securing within hours.
– The exposed data included highly personal details like mental health statuses, Child Protective Services interactions, and court orders, alongside typical identifiers like names and addresses.
– Fowler traced the database to Gladney due to employee records and believes it was exposed during a system migration, containing over 1.1 million records.
– Gladney stated they take security seriously, work with IT experts to investigate incidents, and comply with laws to notify affected individuals if sensitive data is compromised.
A recent data breach exposed highly sensitive adoption records, putting vulnerable children and families at risk. Security researcher Jeremiah Fowler discovered an unsecured database in late June containing detailed personal information related to adoptions. The exposed records included medical histories, court documents, and confidential details about biological parents, raising serious privacy concerns.
Fowler traced the database to Gladney Center for Adoption, a Texas-based nonprofit, after finding employee records alongside client data. The trove held over 1.1 million records, totaling 2.49 GB, likely from a customer relationship management (CRM) system. After multiple attempts to alert the organization, the database was secured, though it remains unclear whether unauthorized parties accessed the information beforehand.
The breach highlights the dangers of misconfigured databases, which continue to plague organizations despite widespread awareness. Adoption records are particularly sensitive, often containing details about foster care placements, mental health evaluations, and legal proceedings. Fowler emphasized the vulnerability of affected children, many of whom rely on confidentiality for their safety and well-being.
In a statement, Gladney’s chief operating officer, Lisa Schuessler, affirmed the organization’s commitment to security but stopped short of confirming whether impacted individuals had been notified. The nonprofit stated it works with IT experts and law enforcement to investigate incidents and strengthen safeguards. However, the lack of immediate transparency raises questions about accountability in handling such critical data.
Experts warn that breaches involving adoption records can have long-lasting consequences, from identity theft to emotional distress for families. While Gladney claims to prioritize data integrity, the incident underscores the need for stricter protocols, especially when handling information tied to vulnerable populations. As digital systems evolve, organizations must ensure that sensitive records remain protected at every stage of storage and transfer.
(Source: Wired)
