Salvation Army Donor Data Breach Exposes Millions

What happened

A Salvation Army donor data breach has exposed millions of donation records after attackers leaked a database allegedly containing 93 GB of information. The exposed data reportedly includes donor names, phone numbers, home addresses, donation amounts, and transaction details linked to at least 1.6 million records. Researchers noted that the data was shared on a dark web forum, raising concerns about misuse and fraud.

Who is affected

Donors to the Salvation Army, primarily in the United States, may face increased risk of phishing, impersonation scams, and identity theft. The breach could also impact donor trust and the organization’s reputation if exploited for fraudulent fundraising campaigns.

Why CISOs should care

Nonprofits handle large volumes of sensitive personal data but often operate with limited security resources. This incident highlights how donor databases are attractive targets and how breaches can enable large-scale social engineering and financial fraud.

3 practical actions:

  1. Access control enforcement: Limit and monitor access to donor databases to prevent unauthorized extraction.
  2. Dark web monitoring: Watch for leaked donor or organizational data to enable faster response.
  3. Incident communication planning: Prepare clear donor notification and fraud-prevention guidance in advance.