Major data leak exposes sensitive records of donors of multiple charities
Learn More
A massive data leak has exposed the sensitive records of numerous charity donors, with nearly a million records from a donor platform found online without password protection. Cybersecurity expert Jeremiah Fowler discovered the unprotected database, which another researcher confirmed contained over 948,000 records and spanned more than 465GB, likely linked to DonorView, a software provider for nonprofits.
The breach included a variety of file types such as .xlsx, .csv, and PDFs, revealing sensitive information including
- payment methods like PayPal, Venmo,
- payroll deductions,
- checks,
- credit card details.
- transaction details,
- completion statuses,
- donation frequencies
The data set also exposed identifiable information such as:
- names,
- addresses,
- phone numbers,
- emails in many documents,
with one containing contact details of over 70,000 individuals, presumably donors. The leaked data could be exploited by criminals to impersonate charities and commit fraud, or for phishing, identity theft or even extortion.
Charity donors are advised to be vigilant against suspicious emails or phone calls requesting personal or payment information. Following Fowler’s notification, the database was removed from public access, though DonorView has yet to issue a formal response.
