Nearly a million non-profit donors’ details left exposed in unsecured database

December 13, 2023 at 05:31AM

Close to a million records containing personally identifiable information of donors to non-profits were exposed in an online database owned by DonorView, provider of a fundraising platform for schools, charities, and religious institutions. The exposed data included donor names, addresses, phone numbers, emails, and payment methods, raising concerns about potential phishing attacks and fraudulent donation requests.

The key takeaways are:

1. A database owned by DonorView, a cloud-based fundraising platform, was found to have exposed nearly a million records containing personally identifiable information of donors to non-profits, including names, addresses, phone numbers, emails, payment methods, and more.

2. Information security researcher Jeremiah Fowler discovered that the exposed data also contained information about children, including their names, medical conditions, attending doctors, and permissions for using their images in marketing materials.

3. DonorView, which claims to have over 150,000 users, including major organizations such as Habitat for Humanity and Meals on Wheels America, did secure the database after receiving a disclosure report from Fowler. However, it remains unclear for how long the information was exposed and whether unauthorized parties accessed the data.

4. The incident highlights the importance of securing databases to prevent potential phishing attacks against donors whose information was exposed. Fowler emphasized the risk of criminals posing as charities or causes previously supported by the donors to initiate fraudulent donation requests, potentially obtaining credit card and banking information.

5. The exposed database contained donor templates that could be used for creating fraudulent communications with donors, posing a significant risk of fraud due to the insider knowledge and detailed donor history available to potential scammers.

