Adoption Agency’s Leaky Database Exposes Over 1.1 Million Sensitive Records

Security researcher Jeremiah Fowler has uncovered a leaky database affecting the Gladney Center for Adoption, a well-known nonprofit organization based in Texas.

The data exposure, discovered in June during a routine check, revealed over 1.1 million sensitive records, potentially impacting families, employees, and even children involved in adoption and foster care.

What Was Exposed?

According to Fowler, the publicly exposed database “was not password-protected or encrypted”. Among the 1,115,061 records totaling 2.49 GB, he saw:

• Full names, addresses, phone numbers, and email addresses
• Highly sensitive information like mental and medical health data
• Adoption case notes, court documents, and child protective services files
• Information on both birth and adoptive families
• Internal details about employees and donors

After being notified, Gladney acted fast and took it offline within hours, but the exposure had already happened.

“I immediately sent a responsible disclosure notice to Gladney, and the database was restricted from public access the following day and no longer accessible,” Fowler noted. “Although the records appeared to belong to Gladney, it is not known if the database was owned and managed directly by them or by a third-party contractor.”

While the security researcher does not imply wrongdoing on the part of the organization, he urges caution because it’s not known how long the database was publicly accessible or if anyone else accessed it.

The information on vulnerable individuals, including children in the adoption and foster care systems, is highly sensitive. The exposed data is especially valuable to cybercriminals because of its sensitive nature. Details from adoption cases—like legal issues, health history, or personal notes—could be used for identity theft, targeted phishing, or blackmail. Worse, scammers could impersonate adoption agency staff or social workers, using insider information to appear legitimate and trick families into sharing more or taking harmful actions.

What Can Potentially Impacted Individuals Do?

• Monitor your accounts for unusual activity
• Be cautious with calls or emails that reference your personal or family details
• Freeze your credit if you suspect exposure (especially for minors)
• Use strong, unique passwords and enable multi-factor authentication everywhere you can

How Bitdefender Can Help

Incidents like this can be mitigated with the right tools like Bitdefender Digital Identity Protection.

Here’s what it does:

• Finds your personal data online, including in breaches or leaked files
• Sends real-time alerts if your info appears where it shouldn’t (for example, data from a publicly exposed database appears on the Dark Web)
• Gives you step-by-step guidance on what to do next
• Monitors your digital footprint continuously so you’re never caught off guard