Strauss Borrelli PLLC, a leading data breach law firm, is investigating Catholic Charities of the Diocese of Albany (“Catholic Charities”) regarding its recent data breach. The Catholic Charities data breach involved sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT CATHOLIC CHARITIES OF THE DIOCESE OF ALBANY:
Catholic Charities is a private social services agency based in New York. Founded in 1917, Catholic Charities provides a variety of social services, from food, clothing, and shelter to specialized needs such as mental health counseling, disaster assistance, and more.2,3 Headquartered in Albany, New York, Catholic Charities employs over 500 individuals and services more than 100,000 people yearly in the fourteen counties of the Albany Diocese.3
WHAT HAPPENED?
Recently, Catholic Charities announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice shared on its website, on July 30, 2025, Catholic Charities discovered unusual activity on its network.1 As a result, Catholic Charities launched an investigation to determine the nature of the incident.
Through its investigation, Catholic Charities confirmed that sensitive personal information and protected health information in its systems may have been accessed by an unauthorized third party between March 29 and July 31, 2025. As a result, Catholic Charities began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Address
- Phone number
- Email address
- Driver’s license or state ID number
- Taxpayer ID number
- Date of birth
- Medical information (medical diagnosis/treatment information, prescription information, date of service, patient ID number, provider name, medical record number, Medicare/Medicaid number)
- Health insurance information (health insurance claim number, health insurance policy number, treatment cost information)
On September 26, 2025, Catholic Charities posted notice of the breach on its website. Additionally, on November 24, 2025, Catholic Charities began mailing data breach notification letters to impacted individuals. Based on the website breach notice, Catholic Charities is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the website breach notice is below.
If you believe you have been affected by the Catholic Charities of the Diocese of Albany breach:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
