Philly org breach probed
Claims of a data breach at the Philadelphia Corporation for Aging are now being investigated by law firm Lynch Carpenter, highlighting that third‑party incidents can expose community and school‑linked data. The case is a reminder that partner and vendor breaches create real downstream exposure and legal risk. (globenewswire.com)
On or around July 25, 2025, Philadelphia Corporation for Aging (PCA) detected unusual activity in its network and an outside actor accessed and may have copied files between July 10 and July 25, 2025. (mm.nh.gov) PCA completed its internal review of affected data on October 23, 2025, and began mailing notification letters to impacted individuals on November 4, 2025. (chimicles.com) The information potentially exposed includes full names, dates of birth, Social Security numbers, credit card and financial account information, health insurance details and limited medical information. (mm.nh.gov) PCA offered at least 12 months of complimentary credit monitoring and identity restoration services through TransUnion/Cyberscout and routed breach response mailings through Cyberscout’s P.O. Box. (claimdepot.com) Regulatory notices were filed beginning November 4–6, 2025 with multiple state attorneys general (including Maine, Massachusetts, New Hampshire and Vermont), with state filings reporting small counts of affected residents in some states while leaving the national total unspecified. (claimdepot.com) Several plaintiff-side law firms and class-action investigators publicly opened probes after PCA’s disclosures, including Federman & Sherwood, Levi & Korsinsky, Chimicles, Strauss Borrelli and others that cited PCA’s regulator filings as the basis for their inquiries. (federmanlaw.com)
