Institute for Human Resources and Services Data Breach Exposes Sensitive PII and PHI

The Institute for Human Resources and Services Inc., a Pennsylvania-based nonprofit specializing in foster care, adoption, and support for individuals with developmental disabilities, experienced a data breach that exposed sensitive personal information.

The incident was first detected on Aug. 14, 2025, when the organization noticed suspicious activity within its systems. An investigation revealed that between Aug. 13 and Aug. 14, 2025, an unknown actor gained unauthorized access to certain systems and may have accessed or taken information stored there.

A detailed review of the affected files concluded on Dec. 10, 2025, and IHRS began efforts to notify those impacted.

The exposed information included name, Social Security number, driver’s license number, financial account information, medical information, and health insurance information.

According to the Maine Attorney General’s disclosure, three Maine residents were affected, though the total number of impacted individuals across the United States was not specified in the disclosure.

Written notices were sent to affected individuals on Feb. 11, 2026. The company has also posted a notice of the data incident on the home page of its website.

The Institute for Human Resources and Services's response

The organization notified federal law enforcement and began a thorough review of the compromised files to identify affected individuals. In addition, IHRS has implemented enhanced security safeguards and is providing additional employee training to help prevent future incidents.

To support those affected, IHRS is offering twelve months of complimentary credit monitoring and identity protection services through Kroll. Impacted individuals are encouraged to enroll in these services to help detect and respond to potential identity theft.

The company’s notice also provides detailed steps for placing fraud alerts and credit freezes with major credit bureaus, as well as resources for reporting identity theft to the Federal Trade Commission, state attorneys general, and law enforcement.

Given the exposure of Social Security and driver’s license numbers, individuals should remain vigilant by monitoring their financial accounts, reviewing credit reports for suspicious activity, and considering placing a credit freeze or fraud alert. Promptly reporting any suspected identity theft or fraud is also recommended.