Data Breach at New York Blood Center Exposes Donors’ Sensitive Information

New York Blood Center Enterprises has disclosed that a data security incident earlier this year exposed highly sensitive personal information belonging to many of its donors.

 

Operating 19 donor centers throughout New York and New Jersey, New York Blood Center Enterprises stands as one of the nation’s largest independent, community-based blood centres.

 

In a data security incident notice submitted to the Office of the Maine Attorney General, NYBCe said that on January 26, it identified unauthorised access within its internal network. The blood centre immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

“The investigation determined that, between January 20 and January 26, 2025, an unauthorised party gained access to our network and acquired copies of a subset of our files,” NYBCe said.

 

The compromised data included names, Social Security numbers, driver’s license or other government identification card numbers, and financial account information. The company has not yet disclosed how many individuals were impacted.

 

“To help prevent something like this from happening again, we have, and are continuing to, enhance our security protocols and technical safeguards to further protect and monitor our systems,” NYBCe added.

 

The blood centre has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through Experian to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on NYBCe. The blood centre also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.