As more of children’s lives move online—from education and healthcare to social services and adoption—their personal data becomes increasingly vulnerable. Unfortunately, children often become silent victims of major data breaches, which can expose sensitive information and have lasting consequences. A recent example is the alarming Gladney Center for Adoption breach, where over a million confidential records were left publicly accessible online. This incident highlights the urgent need for better data security when handling information related to minors.
A Closer Look at the Gladney Breach
The breach involved 1,115,061 unprotected records that contained names, contact details, UUIDs, internal notes on adoption cases, medical records, and legal histories. Among those affected were children, birth parents, adoptive families, and agency staff. The database was left unsecured—neither encrypted nor password-protected—and may have been available for some time before being discovered and taken offline.
What makes this case particularly disturbing is the emotional and legal nature of the data, which included reasons for adoption approval or denial, CPS involvement, and highly personal medical and family background information. Such exposure could lead to lasting harm if misused or circulated.
Why Children’s Data Is Highly Valuable to Criminals
Children’s data is considered a prime target for identity thieves and cybercriminals. Information like full names, birthdates, Social Security numbers, and home addresses can be used to create fake identities, open lines of credit, or commit healthcare fraud. Because children typically don’t have active credit histories, identity theft may go unnoticed for years.
The Gladney case is only one of several major breaches that have jeopardized children’s data.
Other Significant Breaches Impacting Children
T-Mobile (2021):
Tens of millions of people had their data compromised, including minors on family plans. Hackers accessed full names, dates of birth, and Social Security numbers.
Edmodo (2017):
The education platform suffered a breach that affected 77 million users, many of them K-12 students. Account credentials and email addresses were leaked.
VTech (2015):
A breach involving internet-connected toys revealed the data of over 6 million children, including names, birthdates, and even photos and chat logs with parents.
K12.com (2020):
A remote learning platform saw student information—including grades and behavioral records—leaked after a ransomware attack.
Gladney Center for Adoption (2025):
This breach was particularly distressing due to the nature of the data, which included confidential adoption case notes and medical records of children and families in vulnerable circumstances.
Long-Term Consequences of Data Breaches on Children
When a child’s data is compromised, it can create problems that follow them into adulthood. These include:
- Identity theft, leading to financial difficulties later in life
- Medical fraud, which can create false health histories
- Social or emotional harm, especially when private family or legal matters are exposed
- Increased risk of exploitation, including scams or manipulation
Children often have no control over how their data is collected or used, making parental awareness and institutional responsibility critical.
What Parents and Organizations Can Do
For Parents:
- Freeze your child’s credit to prevent identity misuse.
- Limit personal data sharing when signing up for online services or educational tools.
- Review privacy policies of platforms or organizations collecting your child’s information.
- Be alert to signs of misuse, such as unexpected mail, strange activity, or denied benefits.
For Organizations:
- Encrypt all stored and transmitted data, especially when involving minors.
- Implement role-based access control to limit who can view or edit sensitive records.
- Conduct frequent security audits and vulnerability assessments.
- Vet third-party vendors carefully, especially those storing or managing child-related data.
- Educate staff on cybersecurity, phishing threats, and responsible data handling.
- Retain only essential information and archive or delete outdated files securely.
A Critical Responsibility
Although organizations like the Gladney Center are built around supporting children and families, strong cybersecurity must accompany that mission. Leaving sensitive data exposed—even unintentionally—can compromise the safety and trust of those the organization aims to serve.
This breach illustrates how quickly good intentions can be overshadowed by poor digital hygiene. As technology becomes a core part of services for children, protecting their information must be considered a non-negotiable obligation.
Parents and guardians should stay proactive when choosing schools, services, or platforms that interact with their children’s data. It’s also important to be aware that U.S. data protection laws for children vary widely by state and sector. Meanwhile, the FBI has warned families to look out for adoption scams and unethical practices, particularly when navigating sensitive processes like foster care or international adoption.
The Gladney breach—and others like it—underline a hard truth: children are increasingly at risk in the digital world, and their personal data must be treated with the highest level of care and security. Whether it’s a school, healthcare provider, or adoption agency, every organization that handles children’s information has a duty to implement robust security measures.
Children can’t protect their own data. That responsibility falls on adults, institutions, and policymakers. If we want to ensure a safe digital future for the next generation, we must prioritize their privacy now.