90,000 Americans at Risk After NADAP Cyberattack Exposes Sensitive Data

Tens of thousands of Americans are at risk of identity theft after a cybersecurity breach at the National Association on Drug Abuse Problems (NADAP).

The U.S. Department of Health and Human Services Office for Civil Rights confirmed the hacking incident affected 90,000 people.

NADAP disclosed that an unauthorized actor accessed its systems around January 10, 2026, stealing sensitive files containing names, Social Security numbers, birthdays, medical histories, health insurance details, and financial data.

The New York-based firm provides substance abuse treatment referrals, job training, and employment services. It has reported the breach to law enforcement and is working with cybersecurity experts to secure its network.

Affected individuals are urged to monitor their financial and medical accounts for suspicious activity.