CentroNía Data Breach Exposes PII and PHI

CentroNía, a nonprofit organization based in Washington, D.C., disclosed a data breach involving an unauthorized actor who accessed the organization's network between June and July 2025. The total number of individuals affected has not been publicly disclosed.

The organization posted a notice on its website about the incident and stated it was notifying regulators as necessary.

What happened in the CentroNía data breach

CentroNía engaged an investigation upon noticing suspicious activity on its network.

The investigation determined that an unauthorized actor gained access to CentroNía's network between June 10, 2025, and July 6, 2025. During that time, the unauthorized actor viewed or took certain files from the network.

After discovering the breach, CentroNía completed a comprehensive review of the potentially impacted files to determine what information they contained and to whom the information pertained. The organization then began notifying potentially impacted individuals based on the results of that review.

The types of personal information stored within the affected files included dates of birth, Social Security numbers, driver's license or government ID numbers, passport numbers, financial account information, medical information and health insurance information.

CentroNía's response to the breach

CentroNía encouraged affected individuals to remain vigilant over the next 12 to 24 months against incidents of identity theft and fraud.

The organization recommended reviewing account statements and monitoring free credit reports for suspicious activity. The notice did not mention an offer of free credit monitoring or identity protection services to affected individuals.

CentroNía has set up a dedicated toll-free assistance line for individuals with questions about the incident. The line can be reached at 1-833-918-1296 and is available Monday through Friday from 8 a.m. to 8 p.m. ET, excluding major U.S. holidays.

Individuals may also write to CentroNía at 1420 Columbia Road, Northwest, Washington, DC, 20009.

Steps to take if your information was exposed

Given the sensitive nature of the information involved, including Social Security numbers, passport numbers and financial account data, affected individuals may want to act quickly to protect themselves using the steps outlined below.

• Place a fraud alert or credit freeze by contacting any of the three major credit bureaus: Equifax at 1-888-298-0045, Experian at 1-888-397-3742 or TransUnion at 1-833-799-5355.
• Request free credit reports at AnnualCreditReport.com and review them for unfamiliar accounts or suspicious activity.
• Monitor financial accounts and insurance statements closely for unauthorized transactions or unfamiliar medical claims.
• Be cautious of phishing attempts that reference CentroNía or this data breach by name, as scammers may try to use the incident to trick individuals into sharing more personal information.
• Report suspected identity theft to the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338, and file a police report if needed.
• Contact the appropriate state attorney general for additional guidance or to report concerns. Residents can reach the District of Columbia AG at 202-442-9828, the Maryland AG at 1-888-743-0023, the New York AG at 1-800-771-7755, the North Carolina AG at 1-877-566-7226 or the Rhode Island AG at 1-401-274-4400. Individuals can also review their rights under the Fair Credit Reporting Act through the Consumer Financial Protection Bureau.