Update: The New York Blood Center Enterprises published a Notice to Clinical Services Recipients regarding the data breach on its website on Sept. 5, 2025. The cybersecurity incident was also disclosed to the California, Maine, Massachusetts, Washington, Texas, Vermont and New Hampshire Attorney Generals' offices beginning on Sept. 5, 2025.
Affected individuals includes 10,557 in Texas, 2,996 Washington residents, eight in Maine, 213 Massachusetts residents and six in New Hampshire.
An investigation was completed on Aug. 12, 2025. Current and former employees may have had the following personal data compromised in the breach: names, Social Security numbers, driver's license or state ID numbers and financial account information. Clinical services patients may have had names, health information and test results exposed.
On January 26, 2025, the New York Blood Center Enterprises (NYBC) discovered suspicious activity affecting its IT systems, which was confirmed to be a ransomware incident. This breach has significantly impacted the organization's operations, as it is one of the largest independent, community-based blood centers in the world, providing essential blood and stem cell products to hospitals and patients.
The breach involved unauthorized access to NYBC's systems, leading to the encryption of critical data. As a result, the organization had to take certain systems offline to contain the threat.
The exact number of individuals affected and the specific types of data compromised have not been disclosed. However, given the nature of NYBC's services, it is possible that sensitive personal and medical information could have been at risk.
The severity of this breach lies in its potential impact on NYBC's ability to continue providing crucial services to hospitals and patients. The organization is working diligently with third-party cybersecurity experts to restore its systems safely and efficiently.
In response to the breach, NYBC immediately engaged third-party cybersecurity experts to investigate and contain the threat. The organization has been in direct communication with its hospital partners to implement workarounds that help restore services and fulfill orders. Law enforcement has also been notified about the incident.
NYBC has assured the public that it remains committed to its mission and is taking all necessary steps to address the situation. Blood donations are still being accepted, although processing times may be longer than usual. The organization has communicated with donor centers, sponsor organizations, and donors to keep them informed of any necessary changes or updates.
For individuals who may have been affected by the breach, it is advisable to monitor personal accounts and be vigilant for any signs of unusual activity. NYBC has not yet provided specific resources for affected individuals but continues to work on restoring systems and services.
More information about the organization can be found on the New York Blood Center Enterprises website.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.