NADAP Data Breach Exposes Sensitive Health, Financial Data of 90,000 Clients and Staff

A major data breach at the National Association on Drug Abuse Problems (NADAP) has compromised the highly sensitive personal and medical information of up to 90,000 individuals. The New York-based nonprofit confirmed that unauthorized access to its network, detected in mid-January 2026, exposed files containing a devastating combination of protected health information, Social Security numbers, and financial data belonging to clients, employees, and related individuals.

The breach, which prompted an immediate internal investigation, was found to involve a wide array of personal identifiers. The compromised files contained names, dates of birth, health insurance details, medical treatment and diagnostic information, and tax or financial records. The specific data points vary per victim, but the breach creates a significant risk of identity theft and medical fraud for a vulnerable population seeking substance abuse support.

NADAP has stated it is implementing additional security measures and has begun notifying affected individuals. The incident places intense scrutiny on the cybersecurity protocols of healthcare-adjacent nonprofits handling extremely sensitive data. It raises critical questions about data stewardship in the substance abuse treatment sector and underscores the severe consequences when such deeply personal information falls into unauthorized hands.