DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Cerebral Palsy Research Foundation of Kansas notifying 8,300 clients after discovering data had been exposed for 10 months

Posted on May 11, 2018 by Dissent

The Cerebral Palsy Research Foundation of Kansas, Inc. posted the following notice on its site about a breach. According to their report to HHS, the incident resulted in the notification of 8300 clients.

May 9, 2018

To CPRF Clients:

We are writing to notify CPRF clients of a privacy incident involving demographic data for those served from 2001-2010.

What happened?

On March 10, 2018, the CPRF team became aware that a previously used database containing client data was vulnerable for a period of 10 months. CPRF immediately re-secured the information and began the investigation and identification process. CPRF determined that, in the course of building a demographic database in early 2000, the information was stored on a secure sub-domain. This database was not identified during a recent change in servers at CPRF, which temporarily exposed the information before it was re-secured.

What information was involved?

The information could include personal identifiable information and personal health information regarding type of disability. If you were a CPRF client from 2001-2010, please call 855-789-0923 with any questions regarding what type of information was exposed on an individual level. No client financial information or donor information was affected.

What we are doing?

Once we became aware of the situation, we immediately re-secured the information and took the necessary steps to determine the scope and nature of the information in order to send notification letters to those affected.

As a result of this incident, CPRF conducted a thorough audit of all other sub-domains and detected no further vulnerabilities. We also reinforced our policies and procedures related to data security and employee transitions, and we are in the process of hiring a third-party consultant to perform routine vulnerability and penetration evaluations.

What you can do?

All CPRF clients who were affected by this incident should sign up for the free, one-year credit monitoring and identity protection services offered. A website and personal activation code were included in the client notification letter. If you did not receive a letter, but were a CPRF client from 2001-2010, call 855-789-0923 to determine if you were affected. If so, we encourage you to use the credit monitoring and identity protection services.

Other ways to protect against harm:

    • Call the toll-free numbers of one of the three major credit bureaus to place a fraud alert on your credit report. This can help prevent identity theft by preventing new accounts from being opened in your name.
      • Equifax 1-800-525-6285 (P.O. Box 740241, Atlanta GA 30374-0241)
      • Experian 1-888-397-3742 (P.O. Box 9532, Allen, TX 75013)
      • TransUnion 1-800-680-7289 (Attn: Fraud Victims Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790)
    • Monitor your credit reports. Examine your reports closely for activity that you have not initiated.
    • Monitor your banking and credit card statements closely for activity that you have not initiated.
    • Visit the Federal Trade Commission Identity Theft website for information on protecting yourself from identity theft. www.ftc.gov (to Quick Finder and click on Identity Theft).

For more information

For more information, call 855-789-0923.

Sincerely,

Patrick T. Jonas
CPRF President & CEO

Related:

  • Cerebral Inc. notifying 3,179,835 patients of…
  • Kept in the Dark -- Meet the Hired Guns Who Make…
  • Unencrypted laptops still a major cause of breach…
  • HIPAA Security Rule Facility Access Controls – What…
  • Operation Anti Security Breakdown and targets, the…
Category: Health DataMiscellaneousU.S.

Post navigation

← NY: 50 case files from Dept. of Social Services may have been exposed to data breach
Data breach affects nearly 900 patients from two San Francisco hospitals →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Dublin ETB fined €125,000 for data protection breaches
  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach
  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.