A massive data breach has put at risk the sensitive personal information of over 1.1 million individuals linked to the Gladney Center for Adoption, a Texas-based organization. Cybersecurity researcher Jeremiah Fowler discovered the unprotected database while scanning for exposed records on the web. The leak, totaling 2.49 gigabytes of data, included confidential details regarding children, adoptive parents, and internal staff, raising serious privacy concerns.
The database was left accessible online without a password or encryption, allowing anyone with an internet connection to view the information. This accessibility highlights vulnerabilities in the security practices of organizations that manage sensitive data. Fowler’s findings have led to questions about how long this information was endangered and whether it was accessed by malicious actors before being secured.
Within the database, records included case notes and personal assessments, often containing sensitive content such as family backgrounds and reasons for adoption denials. Fowler expressed concern that while full case files were not exposed, the details available could prove beneficial for social engineering attempts or fraud. The records contained approximately 284,000 email metadata entries, each potentially exposing context that could be exploited.
Fowler promptly alerted the Gladney Center, and the data was secured the following day. However, the lack of response from the organization regarding disclosure and the potential forensic review raises concerns about the effectiveness of current data protection measures. The incident serves as a reminder of the need for encryption, regular audits, and proper training for personnel handling sensitive information.