New York Blood Center data breach sees 200,000 affected - and you might not even know you've been hit

1 hour ago 5

(Image credit: Unsplash)

NYBCE suffered a cyberattack in January 2025, exposing sensitive patient and financial data
Victims may include those with SSNs, ID numbers, or direct deposit information; exact count unknown
NYBCE can't notify all victims due to missing contact info, offers free identity monitoring instead

A US blood services nonprofit had admitted suffering a cyberattack in which it lost sensitive information on an undisclosed number of people.

New York Blood Center Enterprises (NYBCE) confirmed it spotted an intrusion on January 26, 2025, which prompted an investigation with the help of third-party forensics experts. The investigation determined that unidentified threat actors accessed its network a week earlier - on January 20 - and during that time snuck out sensitive patient information.

“In order to perform these services, we receive limited clinical information from healthcare providers and partners. Some of this information may have been involved in a cybersecurity incident we recently addressed,” the notice reads.

Notifying the victims

In a separate filing with the Office of the Maine Attorney General, NYBCE confirmed the incident, but did not list the exact number of affected individuals.

It did say that the data varies from person to person, but most likely includes their name, Social Security number (SSN), driver’s license or other government identification card number, and/or financial account information - if the person participated in direct deposit.

In the website announcement, the organization also said that “limited health information and test results” may have been stolen, too.

But the worst part is that NYBCE is not able to notify all of the victims properly:

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“We do not collect or maintain contact information for individuals for whom we provide clinical services. As a result, we are unable to mail letters to individuals whose information may have been involved,” it further announced.

Therefore, people who believe they might have been affected are advised to call the organization’s confidential call center.

NYBCE is also offering a year’s worth of free credit and identity theft monitoring via Experian’s IdentityWorksSM, and is said to be working on “enhancing security protocols”.

Via Tom's Guide

Major healthcare service breach exposes data on over 600,000 people - names, SSNs, and more stolen, here's what we know
Take a look at our guide to the best authenticator app
We've rounded up the best password managers

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article