Fundraising websites can be great tools for raising awareness and money in no time. But what happens when the fundraising effort is controversial, and the website hosting it gets caught in the middle? It gets hacked three times in two weeks.
The Internet Society ("ISOC"), an American nonprofit that focuses on “empowering people to keep the Internet a force for good”, announced a data leak this week. First reported by Bob Diachenko on December 8th of last year, the leak was caused by a lack of encryption on a Microsoft Azure Blob repository. As a result, the PII of ISOC’s 80,000 members was left fully exposed, including full names, mailing addresses, email addresses, login details, social media profiles, and even financial donation records. ISOC has blamed the incident on MemberNova, a member portal management platform, and has since corrected the configuration issue and restored its systems to normal operations.
Swissport, a private company that manages airport ground and cargo operations in 50 different countries, has been hit with a ransomware attack by the hacking group BlackCat, aka ALPHV. A total of 1.6 terabytes of data was stolen, including scans of passports and detailed information on job applicants, among it their religion, recorded in a very curious binary format of “Muslim / Non Muslim”. Swissport, which has 66,000 employees worldwide, has since reported that the attack has been contained. It remains unclear whether any ransom was paid, or what will happen to the stolen data, part of which has already been distributed online.
Christian fundraising website GiveSendGo has suffered its third data leak in two weeks after hackers extracted the PII of 92,000 donors to the Canadian “Freedom Convoy” trucker protests. The stolen data was almost immediately sent by the hackers to Distributed Denial of Secrets, a popular whistleblower website, though it remains a mystery who was behind the attack. Freedom Convoy’s fundraising page is still active on GiveSendGo and has raised $9.5 million from 109,000 donors as of Thursday afternoon. GiveSendGo founder Jacob Wells has since slammed Canadian Prime Minister Justin Trudeau’s administration, calling it a “group of terrorists” and has called on the FBI to help investigate the attack.
Texas Attorney General Ken Paxton is suing Facebook, alleging that the company’s biometric data collection practices violated state privacy laws. In a press release, Mr. Paxton’s office wrote that “Facebook exploited the personal information of users and non-users alike to grow its empire and reap historic windfall profits.” Specifically, Texas is citing violations of the Capture or Use of Biometric Identifier Act and the Deceptive Trade Practices Act, which come with penalties of up to $25,000 and $10,000 per violation, respectively, potentially tallying up to billions of dollars. Facebook has said that the lawsuit is “without merit”.
Google has announced sweeping privacy changes that will limit, but not eradicate, user tracking across apps on its Android devices. This news comes just weeks after Facebook announced $10 billion in losses due to Apple’s very similar, and rather sudden, privacy changes. While this all may seem like a perfect storm for Facebook, Google has said that it will take at least two years before the changes go into full effect, giving advertisers plenty of time to adjust. Facebook has voiced support for the announcement, calling it “encouraging to see this long-term, collaborative approach to privacy-protective personalized advertising”.