Adoption Agency Data Exposure Revealed Information About Children and Parents
Fowler scrambled to identify the owner of the database, which he concluded was the largely Texas-based nonprofit Gladney Center for Adoption. He then worked to notify the organization about the exposed data on June 25 but received no reply. He attempted notification again on June 26, and within a few hours the database was silently secured—hopefully before anyone else was able to access it.
Misconfigured databases are common online, even after years of effort to raise awareness about the issue, making information accessible to whoever comes across it. Fowler was particularly alarmed to see adoption-related data, though, because the trove included details like the identities of some children's biological parents, data on individuals' medical and mental health status, information about interactions with Child Protective Services, and even records referencing court orders. The database also included more typical personally identifying information like names, addresses, phone numbers, email addresses, and unique identifiers assigned to children's cases. Fowler was ultimately able to trace the database to Gladney, because it also contained information about some of the organization's employees.
'This is the first time in all of my research that I've seen adoption data, and it stood out because a lot of these kids are very vulnerable,' Fowler tells WIRED. 'I believe that this data was exposed during the move to a different system, and that it was up for a few days before I found it. So I go to sleep at night hoping I got to it before the bad guys did.'
Fowler says that the data appeared to be from a customer relationship management, or CRM, system that is used to organize client data in businesses and other organizations. The trove contained more than 1.1 million records and was 2.49 GB.
'The Gladney Center for Adoption takes security seriously. We always work with the assistance of external information technology experts to conduct a detailed investigation into any incident. Data integrity and operations are our top priority,' chief operating officer Lisa Schuessler wrote in a statement. 'With any incident, we work with law enforcement and comply with applicable laws and regulations, and in the case of any determination of sensitive information within our possession being impacted, we notify all impacted individuals.'
When asked whether this should be taken as confirmation that Gladney secured the exposed database found by Fowler and is notifying individuals whose data was included, Schuessler referred WIRED to Gladney's initial response. That statement also noted that Gladney is 'constantly taking additional steps to further strengthen and bolster our systems to ensure our networks and the information entrusted to us is secure.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
CBS News
15 minutes ago
- CBS News
Canonsburg Police cracking down against e-bike rider violations
As e-bikes are becoming more popular, riders are causing more problems in some communities, and that's forcing the Canonsburg Police Department to ramp up enforcement. The department posted a picture of someone popping a wheelie on Facebook -- saying after receiving multiple complaints; they've been forced to crack down on e-bike riders breaking the law, and several teens are going to receive citations for their reckless use. They said a few kids are causing some very serious reckless events, including weaving in and out of traffic, popping wheelies on state roads, and fleeing when requested to stop by a police officer. "I know that there are a lot more. I only think it' a problem if you start seeing a lot of them on the sidewalk and I haven't seen too many of them," said Chris Wilfong. "I see it every once in awhile, its not a problem," said Richard Watters. Police are urging riders to obey all traffic laws. They're also asking parents to review the laws and ordinances governing e-bike operations with their kids.
Yahoo
27 minutes ago
- Yahoo
Phoenix police find 4 kids under 10 in a closed car in summer
Officers with the Phoenix Police Department found four children under the age of 10 in a closed car on July 24, 2025. The father was arrested. Solve the daily Crossword
CNET
44 minutes ago
- CNET
Don't Overthink It. That Suspicious Link May Actually Be a Scam
If you get a random text asking you to click a link, it's probably a scam. Getty/Karl Tapales Whether you blame artificial intelligence or data breaches, most of us are receiving phishing emails and texts more often than before. At the same time, scam links are getting harder to spot, which is bad news for victims who mistakenly click on a malicious URL while living their busy lives. Phishing and spoofing scams led to more than $70 million in losses in 2024, according to the FBI's Internet Crime Complaint Center. Many links include standard "https" encryption and domains similar to legitimate websites in order to trick everyday people. If you click on a scam link, you could suffer monetary losses. But you may also give up very sensitive information like your name and credit card information to scammers or even risk malware being downloaded onto your device. How to identify scam links Scam links are regularly found in phishing emails, text messages or other communications sent by cybercriminals. They're designed to fool you into downloading malware or bringing you to a fake website to steal your personal identifying information. Some examples of popular phishing scams include unpaid toll, gold bar and employment scams. Criminals typically send these links out en masse -- often aided by artificial intelligence. Enough people fall victim to phishing scams every year that con artists find it worth their while to follow the same playbook. Here's how to avoid taking the bait. Check the URL "Smartphones do their best to block scam links, so attackers use tricks to make their links clickable," said Joshua McKenty, CEO of a cybersecurity company that helps businesses protect mobile phones and call centers from AI-driven phishing scams. For example, you'll want to watch for an "@" sign in the URL, or you might have two different URLs "glued together" by a question mark, he added. Especially if the first URL is a or an link. Dave Meister, a cybersecurity spokesman for global cybersecurity company Check Point, added that you may be able to hover over the URL to reveal the actual destination. People should also look out for "typo-squatting," when the URL looks authentic, but it has "PayPa1" instead of "PayPal." That should tip you off that it's a bad link. Remember the URLs you frequently visit It would behoove everyone to pay attention to the URLs they visit often. "Major brands, especially banks and retailers, don't often change up their domain names," McKenty said. "If the link says it's likely safe. If it says, stay away." Be suspicious of short links Short links are often in texts and on social media. "Sadly, there's no safe way to check a shortened URL," McKenty said. He recommended not clicking on them. " or "shorturl" links often have standard " encryption, which make them appear trustworthy. In these cases, it's best to read the message itself and pay attention to any threatening language or pressure to act immediately to identify the scam. How are scam links sent to victims? Text scams Ironically, these don't always rely on website links. In fact, phone numbers are a frequent vehicle used in scammers' phishing attempts, according to McKenty. "People get tricked into clicking a phone number that's not actually their bank or the IRS, and then surrendering identity information on the phone," he said. If you think you got a message from a scammer, as tempting as it is to mess with them, do your best to resist. If you interact with the scammer, they may want to circle back knowing that you're reachable. Email scams Emails can also have scam links. McKenty said that while clicking on phone numbers and links in texts is happening more frequently, "the biggest dollar losses are still the classic email scams." He suggests copying any link you see into a notes app so that you can properly inspect it before clicking. QR code scams Sometimes, scams can even be embedded into a QR code. "QR codes have become the new stealth weapon, used everywhere from restaurant menus to parking meters," said Meister. "Scammers are known to slap fake codes on top of real ones in public, or embed them in phishing emails, linking to cloned websites or malware downloads," he said. Before you scan, make sure the QR code makes sense. If it's on the side of a gas pump, on a random park bench or in an unrecognized email, it's better to avoid it. Social media direct messages Chances are, you've run into these scam links. Sometimes social media accounts get compromised by cybercriminals posing as people you know. If your "uncle" sends you a direct message while sounding like a pushy timeshare salesman, telling you to check out this investment opportunity by clicking on a link, call your uncle first. What if I already clicked a link? If you clicked on a scam link, a number of things could happen. If you have software protecting your device, the firewall probably blocked it. If you don't have software protecting you from computer viruses and malware, then you might have a problem. Try these tips if you think you might've clicked on a phishing link: Get anti-virus software. If you don't already have anti-virus software that can help rid your laptop or desktop of viruses, you should get one. There are plenty of free and paid options to choose from. If you don't already have anti-virus software that can help rid your laptop or desktop of viruses, you should get one. There are plenty of free and paid options to choose from. Be aware of malware. Your phone isn't immune to malware. Scam links are often designed to trick somebody into downloading malware, which can then give the scammer access to your phone. If your phone is infected with malware, do not access any financial apps. Instead, clear your browser cache, remove any apps you don't recognize, or try a factory reset. If you're really stuck, you could also call your phone's tech support. Your phone might be slow or unresponsive and you may see increased pop-up ads if it's infected. Your phone isn't immune to malware. Scam links are often designed to trick somebody into downloading malware, which can then give the scammer access to your phone. If your phone is infected with malware, do not access any financial apps. Instead, clear your browser cache, remove any apps you don't recognize, or try a factory reset. If you're really stuck, you could also call your phone's tech support. Your phone might be slow or unresponsive and you may see increased pop-up ads if it's infected. Contact your bank or credit card issuer. If you've been visiting your bank website or app on a compromised device, to be safe, let your financial institution know. If you've been visiting your bank website or app on a compromised device, to be safe, let your financial institution know. Contact the authorities. If you clicked on a spam link and were scammed out of money, report it to the Federal Trade Commission so they can spread the word about the scam. You'll also want to call your police department and anyone else you can think of. The more people are aware of a scam, the less likely they'll fall for it.
