Arthur Ashe Institute Data Breach Exposes Social Security Numbers and Medical Info

The Arthur Ashe Institute for Urban Health Inc., a nonprofit organization based in Brooklyn dedicated to advancing health equity, has experienced a data breach that may affect individuals connected to its programs and services.

The incident was the result of a cyberattack that took place between April 4, 2025, and May 18, 2025. During this period, unauthorized actors gained access to the organization’s systems and potentially acquired sensitive files.

After discovering the breach, the institute launched a thorough investigation with the help of third-party cybersecurity experts. The investigation revealed that a set of files containing personally identifiable information (PII) and protected health information (PHI) may have been accessed or acquired by the threat actors.

The compromised data included names, Social Security numbers, driver’s license numbers, financial account information, medical information and health insurance information.

The organization reported the breach to the New Hampshire Attorney General on Jan. 23, 2026.

The full extent of affected individuals has not been publicly disclosed; however, at least one resident of New Hampshire has been affected.

Arthur Ashe Institute for Urban Health's response

In response to the breach, AAIUH acted to secure its systems and minimize further risk. They updated all passwords, implemented multi-factor authentication protocols and began a comprehensive review of their data security policies and procedures. The organization is also making improvements to its cybersecurity infrastructure to prevent similar incidents in the future.

To support those affected, AAIUH is offering free credit monitoring and related services for 12 months.

Impacted individuals are being notified directly, allowing them to take steps to protect themselves from possible misuse of their information. Anyone who receives a notification should remain vigilant by monitoring their financial accounts, reviewing credit reports for suspicious activity and considering placing a fraud alert or security freeze with credit bureaus.