Hacker Compromises Database Services Provider

A hacker stole personal data of donors attached to 92 charities by accessing the system that held the information, with a password of an employee for Convio, the provider of database services that the charitable organizations shared.

Of the charities affected, the American Museum of Natural History, the American Red Cross, and CARE were the prominent cases. Spokeswoman Stephanie Millian of Red Cross said that around 278,000 e-mail addresses along with a few passwords were captured from a Red Cross Website that promoted the cause of blood donation. The Website ran on a Convio program, reported Dark Reading on November 28, 2007. Millian also said that the Red Cross had informed all the affected users on November 14, 2007, adding that it was fortunate to face theft of only e-mail IDs and passwords while the more important information was spared.

One other group, United Animal Nations, was also affected. The group's President and CEO Nicole Forsyth said that they notified the breach to a few of its 20,000 members, as per report by United Press International on November 27, 2007.

The announcement of the data breach was coincided with the start of the season for 'year-end giving'. During this time, donors offer their gifts over the Internet. However, some charities did not want to disclose the news because they feared it could influence the donations.

So far, no evidence has arisen that could indicate use of the information for committing fraud but many of the charities have advised its donors to change their password. Austin, Tex-based Convio, which is primarily engaged with charities, became aware of the breach on November 1, 2007 and informed its clients after two days, spokesman Tad Druart said in a statement published by The New York Times on November 27, 2007.

Of the 1,200 clients of Convio, only those which used the GetActive software of Convio suffered the data hack, said Druart in another statement that The Associated Press published on November 28, 2007. This was the first incident of online security compromise at the company, Druart added.

The company said it was investigating the case.

Related article: Hacker & Virus in MySpace

» SPAMfighter News - 12/7/2007