DataBreaches.Net

Cerebral Palsy Research Foundation of Kansas notifying 8,300 clients after discovering data had been exposed for 10 months

Posted on May 11, 2018 by Dissent

The Cerebral Palsy Research Foundation of Kansas, Inc. posted the following notice on its site about a breach. According to their report to HHS, the incident resulted in the notification of 8300 clients.

May 9, 2018

To CPRF Clients:

We are writing to notify CPRF clients of a privacy incident involving demographic data for those served from 2001-2010.

What happened?

On March 10, 2018, the CPRF team became aware that a previously used database containing client data was vulnerable for a period of 10 months. CPRF immediately re-secured the information and began the investigation and identification process. CPRF determined that, in the course of building a demographic database in early 2000, the information was stored on a secure sub-domain. This database was not identified during a recent change in servers at CPRF, which temporarily exposed the information before it was re-secured.

What information was involved?

The information could include personal identifiable information and personal health information regarding type of disability. If you were a CPRF client from 2001-2010, please call 855-789-0923 with any questions regarding what type of information was exposed on an individual level. No client financial information or donor information was affected.

What we are doing?

Once we became aware of the situation, we immediately re-secured the information and took the necessary steps to determine the scope and nature of the information in order to send notification letters to those affected.

As a result of this incident, CPRF conducted a thorough audit of all other sub-domains and detected no further vulnerabilities. We also reinforced our policies and procedures related to data security and employee transitions, and we are in the process of hiring a third-party consultant to perform routine vulnerability and penetration evaluations.

What you can do?

All CPRF clients who were affected by this incident should sign up for the free, one-year credit monitoring and identity protection services offered. A website and personal activation code were included in the client notification letter. If you did not receive a letter, but were a CPRF client from 2001-2010, call 855-789-0923 to determine if you were affected. If so, we encourage you to use the credit monitoring and identity protection services.

Other ways to protect against harm:

    • Call the toll-free numbers of one of the three major credit bureaus to place a fraud alert on your credit report. This can help prevent identity theft by preventing new accounts from being opened in your name.
      • Equifax 1-800-525-6285 (P.O. Box 740241, Atlanta GA 30374-0241)
      • Experian 1-888-397-3742 (P.O. Box 9532, Allen, TX 75013)
      • TransUnion 1-800-680-7289 (Attn: Fraud Victims Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790)
    • Monitor your credit reports. Examine your reports closely for activity that you have not initiated.
    • Monitor your banking and credit card statements closely for activity that you have not initiated.
    • Visit the Federal Trade Commission Identity Theft website for information on protecting yourself from identity theft. www.ftc.gov (to Quick Finder and click on Identity Theft).

For more information

For more information, call 855-789-0923.

Sincerely,

Patrick T. Jonas
CPRF President & CEO

Category: Health Data, Miscellaneous, U.S.

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.