Another day, another serious data leak—and this one hits particularly hard. Gladney Center for Adoption, a well-known nonprofit in the adoption world, accidentally exposed over 1.1 million sensitive records in an unsecured online database.
We’re not just talking emails and names here. This leak included some of the most personal information imaginable: names of children, birth parents, adoptive families, employees, and even applicants who were approved or denied to adopt.
Yeah. It’s a big one.
Who Found the Leak?
Cybersecurity researcher Jeremiah Fowler—basically a digital Indiana Jones for unsecured databases—discovered the 2.49 GB trove earlier this week. He’s known for finding databases that are exposed online without passwords or encryption.
Once he spotted the issue, he immediately contacted Gladney, who locked it down fast. So far, there’s no public evidence that anyone else found or accessed the data before Fowler did. Still, without a deep forensic analysis, we can’t rule out silent data harvesting.
Related News: Microsoft Replaces King and Xbox Game Dev Roles With AI
What Was in the Database?
Let’s break it down:
- Names of children, birth parents, and adoptive parents
- Full contact info (phone numbers, addresses)
- Details on employee records
- CRM-generated lead info
- Notes on whether someone was approved or denied for adoption
- Mentions of “birth fathers” and other deeply personal identifiers
If you’re thinking “this is the kind of stuff cybercriminals dream of,” you’re exactly right.
Why It’s a Hacker’s Goldmine
This isn’t just embarrassing—it’s dangerous. Here’s why this kind of data is high-value:
- Custom phishing: Hackers can craft ultra-convincing emails using real adoption details.
- Scams targeting emotional triggers: “Congrats! You’ve been approved—just pay this small fee to proceed.”
- Identity theft & fraud: With names, addresses, and application status, crooks can easily impersonate victims.
- Ransomware: They could even target the organization itself using the exposed CRM data.
This is a nightmare scenario, especially for a community built on trust and sensitive relationships.
Who’s at Fault?
Gladney acted quickly, but the big mystery is who was running the database:
- Was it in-house at Gladney?
- Or a third-party CRM provider they were using?
Right now, that’s unclear. But what is clear: someone didn’t configure their cloud storage securely. That’s Data Security 101—and it flunked.
What Can Be Done Now?
If you or someone you know has interacted with Gladney in any capacity, here’s what you should do:
- Watch your inbox – Be suspicious of any messages claiming to be from Gladney or other adoption services.
- Don’t click random links – Even if the email references real info, double-check with official contacts.
- Use multi-factor authentication – Especially for email and financial accounts.
- Consider identity monitoring – You might want to get notified if your info pops up where it shouldn’t.
Final Thoughts
This leak is more than just a technical oops—it’s a painful reminder that even trusted nonprofits need to lock down their data with the same rigor as banks or hospitals.
We don’t know how long this database was floating in the digital void, but the potential damage is real. And while it’s lucky a white-hat like Fowler found it first, that doesn’t undo the fact that over a million records were sitting exposed.
Hopefully, this serves as a wake-up call—not just for Gladney, but for any org handling private, life-altering information.
Stay alert out there. The internet doesn’t forget.
Also read: Windows 10’s Emoji Search Is Broken After Latest Update