The woman, who did not want to be named for fear it would affect her own CYF case, is horrified that details regarding a vulnerable child could be leaked.
"This is supposed to be an agency protecting our children. If this went into the wrong hands there could be big trouble.
"[The people who wrongly received the information] could go and take this kid out, they could just go and uplift him. It's got his birthdate on it, someone could steal his identity. They know his court dates, they could turn up at court and cause trouble. This is ridiculous."
Midlands Child, Youth and Family regional director Sue Critchley said the ministry was told about the breach on Friday.
"We are currently looking into how this breach occurred, and have been in contact with the letter's recipient to arrange to retrieve the document and thank her for bringing it to our attention.
"I'm sorry that private information in our hands passed to a third party. It should not have happened."
Breaches were rare, but taken "extremely seriously".
Everyone affected had received an apology, she said.
The woman who mistakenly received the boy's personal information believed the breach wasn't isolated.
She posted what happened on two Facebook groups and had close to 100 people respond, many saying they had had similar experiences.
One woman posted that she had been wrongly sent information about a girl who had been raped by her father.
The woman wanted CYF to launch an investigation and remedy their privacy processes to ensure this can't happen again.
"I want them to investigate it properly, not brush it under the carpet. They need to really look at where they put all the paperwork and who sends it out.
"It's unacceptable. There are no excuses."
