Recently, nearly one million donor records were discovered in an unprotected online database owned by DonorView, a cloud-based donor management tool used by more than 200,000 nonprofit organizations. A cybersecurity researcher discovered the exposed data and reported to DonorView in early October and, although the data was secured several days later, it is unclear how long the information was openly available.
The data included non-password-protected Excel, CSV, and PDF files and contained detailed information on donors, including contact information, amounts donated, payment methods, and donation history. The exposed database also contained email templates used to communicate with donors, which would provide bad actors with templates for conducting phishing scams.
If your organization uses DonorView, consider contacting to your donors and advising them of a potential exposure. You may suggest for donors to change passwords to financial sites and monitor their accounts for signs of fraud.