News
National Association on Drug Abuse Problems (NADAP) Data Breach
BlogBreachesResourcesNews
National Association on Drug Abuse Problems (NADAP) Data Breach

National Association on Drug Abuse Problems (NADAP) Data Breach

UpGuard Team
UpGuard Team
March 25, 2026

Key facts: NADAP data breach

  • Date reported: March 24, 2026.
  • Unauthorized access identified: January 10, 2026.
  • Target entity: National Association on Drug Abuse Problems (NADAP).
  • Source of breach: Unknown, unauthorized third-party.
  • Data types: Full names, Social Security numbers, dates of birth, medical diagnoses, health insurance information, and financial/tax details.
  • Status: Confirmed; forensic investigation concluded on January 27, 2026.
  • Severity: High; involves approximately 90,000 individuals and includes permanent identifiers and protected health information (PHI).

What happened in the NADAP data breach?

The National Association on Drug Abuse Problems (NADAP), a New York-based nonprofit operating via nadap.org, disclosed a significant cybersecurity incident on March 24, 2026. The organization first detected unauthorized activity on its network on January 10, 2026. A subsequent forensic investigation, which concluded on January 27, 2026, confirmed that an unauthorized third party gained access to sensitive files containing protected health information (PHI) and personal identifiers. While the investigation identified the scope of the exposure, no specific threat actor has claimed responsibility for the attack.

The breach affected approximately 90,000 individuals, exposing a wide range of sensitive data including Social Security numbers, medical diagnoses, and financial details. The severity of this incident is classified as high due to the combination of permanent identifiers and private health records. In response, NADAP has updated its security protocols by strengthening password requirements and deploying conditional access policies. This type of exposure typically leads to heightened risks of targeted phishing and identity exploitation.

Who is behind the incident?

The attacker or cause of the incident has not been identified.

Impact and risks for NADAP customers

For the 90,000 individuals affected by the NADAP breach, the exposure of Social Security numbers and medical information presents a substantial risk of identity theft and financial fraud. Malicious actors could potentially use this data to open fraudulent lines of credit, file deceptive tax returns, or exploit health insurance benefits. Furthermore, the inclusion of diagnostic and health insurance information increases the likelihood of sophisticated social engineering attacks, where fraudsters pose as healthcare providers to solicit further sensitive information or payments.

Victims of health data breaches often face long-term administrative challenges in restoring their digital identity and securing their financial accounts. Affected individuals should immediately place a fraud alert or credit freeze on their credit reports and closely monitor their insurance Explanation of Benefits (EOB) statements for unauthorized services. Proactive transparency from the affected organization is vital for helping victims mitigate these ongoing risks.

How to protect against similar security incidents

In light of the NADAP breach involving Social Security numbers and sensitive health data, it is critical for affected individuals to take immediate steps to secure their personal information.

  • Monitor financial and insurance accounts. Regularly review bank and credit card statements for any transactions you do not recognize. Carefully check health insurance Explanation of Benefits (EOB) statements to ensure all listed services were actually received.
  • Implement a credit freeze. Contact the three major credit bureaus—Equifax, Experian, and TransUnion—to place a freeze on your credit file. This prevents unauthorized parties from opening new credit accounts in your name using your Social Security number.
  • Enhance credential security. Change passwords for all sensitive accounts, ensuring each one is unique and complex. Enable multi-factor authentication (MFA), preferably using an authenticator app or hardware key, to add a layer of security beyond passwords.
  • Deploy attack surface management. Organizations should utilize continuous monitoring tools to identify and secure vulnerable network entry points. Regularly review and update conditional access policies to ensure only authorized users and devices can access sensitive data environments.

Taking these proactive measures is essential to reducing the potential impact of data exposure and maintaining long-term digital security.

Frequently asked questions

What happened in the NADAP security breach?

On March 24, 2026, NADAP (nadap.org) disclosed a security breach. According to initial reports, unauthorized access to the nonprofit's network resulted in the exposure of sensitive protected health information and financial data for approximately 90,000 individuals.

When did the NADAP breach occur?

The NADAP breach was publicly reported on March 24, 2026. The organization first detected the incident on January 10, 2026, and completed its forensic investigation on January 27, 2026.

What data was exposed?

The types of data involved in the NADAP incident include names, Social Security numbers, dates of birth, medical or health information, diagnostic information, health insurance information, and tax or financial information. This page will be updated as verified information becomes available.

Is my personal information at risk?

If you interacted with NADAP, there's a possibility your personal information could be affected. Similar incidents often involve email addresses, login details, or financial records. Stay alert for updates and take precautionary measures to secure your accounts.

How can I protect myself after a data breach?

• Change passwords for all sensitive accounts
• Enable multi-factor authentication (MFA)
• Monitor financial and insurance statements for suspicious activity
• Place a credit freeze or fraud alert with major credit bureaus
• Use breach monitoring tools to stay informed of data leaks

What steps should companies take after being breached?

NADAP has moved to secure its systems by strengthening password requirements and implementing conditional access policies. The organization is notifying affected individuals and advising them to monitor their financial and insurance records for signs of fraud.

This cybersecurity news article is powered by UpGuard Breach Risk — continuous attack surface monitoring for your organisation and supply chain.

How secure is National Association for Drug Abuse Problems (NADAP)?

NADAP is a New York-based non-profit organization dedicated to helping underserved individuals achieve self-sufficiency by providing a comprehensive range of healthcare coordination, substance use assessment, health insurance enrollment, and employment services.
  • Check icon
    View our free preliminary report on National Association for Drug Abuse Problems (NADAP)’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
View National Association for Drug Abuse Problems (NADAP)'s score
View score
https://www.nadap.org/
Security ratings
Deliver icon

Sign up for our newsletter

UpGuard's monthly newsletter cuts through the noise and brings you what matters most: our breaking research, in-depth analysis of emerging threats, and actionable strategic insights.

Latest news

Stay up-to-date with the latest news in cybersecurity.
Dutch Ministry of Finance Investigating Cyberattack

Dutch Ministry of Finance Investigating Cyberattack

A data breach involving government.nl was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 23, 2026
Data breach reported for Quatrro Business Support Services

Data breach reported for Quatrro Business Support Services

A data breach involving QBSS was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 23, 2026
Checkmarx Investigating Cyberattack

Checkmarx Investigating Cyberattack

A data breach involving Checkmarx.com was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 24, 2026
Data breach reported for Mark Leyden & Associates

Data breach reported for Mark Leyden & Associates

A data breach involving mlassoc.com was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 24, 2026
QualDerm Partners Data Breach

QualDerm Partners Data Breach

A data breach involving QualDerm Partners was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 24, 2026
Mazda Motor Corporation Data Breach

Mazda Motor Corporation Data Breach

A data breach involving Mazda Motor was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 24, 2026
View all news
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating