December 15, 2023

Nearly one million donor records were discovered in an unprotected online database owned by DonorView, a cloud-based donor management tool used by more than 200,000 nonprofit organizations. A cybersecurity researcher discovered the exposed data and reported to DonorView in early October. The data was secured several days later, but it is not clear how long it was openly available.

The data included non-password-protected Excel, CSV, and PDF files and contained detailed information on donors, including contact information, amounts donated, payment methods, and donation history. The exposed database also contained email templates used to communicate with donors, which would provide bad actors with templates for conducting phishing scams.

What to do now

If your organization uses DonorView, consider outreach to your donors and advise them of potential exposure. Get advice from counsel on the best way to do this.

If you donate to charity, check with your charitable organizations to see if you might be at risk. If you may have been exposed to a breach, at a minimum you should change your passwords to financial sites and monitor your accounts for signs of fraud. Verify any new emails you receive from your charities.

Take proactive steps now before a breach happens.

  • Secure your data backups
  • Password protect all sensitive information
  • Conduct a third party risk assessment ASAP

Need help?

Read our Guide to Third Party Risk Management, or review our Third Party Risk Management Checklist, or contact us for a cybersecurity consultation.