Harbor Developmental Disabilities Foundation, doing business as Harbor Regional Center, has disclosed a data breach affecting people it serves, children and adults with developmental disabilities across Los Angeles County. According to the California Attorney General filing and an independent report to the U.S. Department of Health and Human Services, a single compromised email account exposed sensitive personal and medical information for 2,287 individuals.
The breach occurred between March 6 and March 7, 2026. Harbor Regional Center reported it to federal health regulators on April 22, 2026, and filed notice with the California Attorney General on July 13, 2026, roughly four months after the incident occurred.
About Harbor Regional Center
Harbor Regional Center is a state-contracted nonprofit that coordinates care, services, and support for developmentally disabled children and adults throughout Los Angeles County. Because it manages care-coordination records, the information it holds is unusually sensitive, it doesn’t just identify a person, it can identify their diagnosis, their caregivers, and the services they rely on.
What Information Was Exposed?
Based on the available filings, the compromised information includes:
- Full Name
- Address
- Full Date of Birth
- Full Social Security Number
- Medical / Health Information
- Insurance Identifiers
What Is Harbor Regional Center Offering Affected Individuals?
Harbor Regional Center has stated it is offering complimentary credit monitoring to affected individuals and has reported resetting passwords and implementing additional safeguards on the affected account. If you or someone you care for received a notification letter, review it for enrollment instructions and any deadlines that apply.
Why This Breach Deserves Extra Attention
The people Harbor Regional Center serves are, by definition, a population that often depends on a parent, guardian, or conservator to notice fraud, respond to a notification letter, or take protective action on their behalf. A breach that exposes a Social Security number, date of birth, and detailed medical and insurance information for this community is a serious matter, both because of the sensitivity of the data and because of who it belongs to.
If you are a parent, guardian, conservator, or family member of someone served by Harbor Regional Center, you may need to act on that person’s behalf. Affected individuals and their families should:
- Enroll in the complimentary credit monitoring offered in the notification letter
- Consider a credit freeze for both the affected individual and any guardian/conservator whose information may also be involved
- Watch for unfamiliar medical bills, insurance claims, or collection notices
- Report any suspicious activity to Harbor Regional Center and to the credit bureaus
Do You Have Legal Options?
Organizations that coordinate care for a vulnerable population have a heightened responsibility to safeguard the personal and medical information entrusted to them. When that information is exposed, affected individuals and their families may have legal rights and remedies worth discussing with an attorney.
Contact the Data Breach Attorneys at Emery | Reddy today for a Free Case Review.
FAQ
How many people were affected by the Harbor Regional Center data breach?
2,287 individuals, according to Harbor Regional Center’s report to the U.S. Department of Health and Human Services.
What information was exposed?
Full name, address, date of birth, Social Security number, medical/health information, and insurance identifiers.
How did the breach happen?
According to Harbor Regional Center, a single email account used to coordinate care was compromised between March 6 and March 7, 2026.
I’m a parent or guardian of someone served by Harbor Regional Center, what should I do?
Enroll the affected individual in the complimentary credit monitoring offered, consider a credit freeze, watch for unfamiliar medical or insurance activity, and consider speaking with a data breach attorney about your options.