SURVIVORS

A nonprofit organization lost control of their Instagram account, a critical platform for their online presence. The loss of access to their Instagram account threatened to undermine the organization's credibility and disrupt their general activities. As their flagship online presence, the account's absence threatened to damage their reputation and hinder their ability to engage with supporters and the public. The incident began with a spear phishing attack via email, which appeared to come from Instagram. Two days after the attack, cybercriminals contacted the organization via WhatsApp, claiming responsibility and demanding a ransom to restore access. The attackers had altered the account’s email address, password, and phone number, ultimately disabling it.

Adapted from The CyberPeace Institute, December 2021

A prominent nonprofit organization, known for its global operations and significant revenues, fell victim to a cyberattack carried out by a ransomware gang. The attack resulted in the theft of more than 6.8TB of sensitive data, including 800GB of financial records, email communications, HR files, and personal data, which included medical and health information. The exposure of this data possibly impacted the nonprofit’s operations, endangered their privacy, and damaged its reputation, potentially affecting its ability to function across its 116-country network. The ransomware gang known for targeting critical infrastructure and healthcare organizations, claimed responsibility for the attack. Although the charity wasn’t directly named, a post on the gang’s dark web data leak site described the victim as "the world’s leading nonprofit" with US$2.8 billion in revenues.

Adapted from The Record, September 2023

A nonprofit organization focused on exchanging reusable items to reduce landfill waste suffered a significant data breach. The breach affected 7 million of the nonprofit's members, with sensitive information being sold on the dark web. The breach also reportedly included the data of the organization's executive director. The stolen data was available on the dark web for months, before discovered. The specific method used by the malicious actor to infiltrate the organization’s network remains unknown. Members have been cautioned not to interact with suspicious emails by clicking on links or downloading files.

Adapted from SecurityWeek, September 2023

An USA-based healthcare plan provider faced serious repercussions after a cyberattack compromised the sensitive data of millions. The breach exposed the protected health information of 3,180,537 individuals, including Social Security numbers and health records. The fallout from this exposure has resulted in multiple class action lawsuits, which could further damage the organization’s reputation and financial stability, potentially disrupting its ability to provide healthcare services. The attack was carried out by the Clop threat group, who exploited a zero-day vulnerability in the MOVEit Transfer file transfer solution. This vulnerability allowed the cybercriminals to access and steal the organization’s sensitive data.

Adapted from The Hippaa Journal, September 2023

A Switzerland-based non-governmental organization, which provides conflict-related data to humanitarian groups, faced a disturbing cyberattack. Employees began receiving unsolicited pornographic material on their smartphones, causing distress and disruption. Additionally, the organization’s website was taken offline due to a denial-of-service (DoS) attack, hindering its ability to share critical data with humanitarian partners. The incident has shaken the organization's sense of security, as they previously believed their remote operations from neutral Switzerland offered them protection from such threats. Attackers launched phishing emails at the organization's employees, alongside the DoS attack. The organization's director described the incident as "a wake-up call," underscoring how their operations, despite being remote, are vulnerable to cyberattacks.

Adapted from The CyberPeace Institute, December 2022

A nonprofit organization responsible for blood donations experienced a serious data breach that exposed the personal health information (PHI) of over 550,000 individuals. The breach, caused by mishandled data, has led to a noticeable decline in blood donors. This not only threatens the lives of individuals who rely on these donations but also risks damaging the organization's ability to function effectively. The reputational damage and erosion of public trust could devastate donor relationships and jeopardize the organization’s future operations. The data leak occurred due to human error and poor data management. A contracted third party, responsible for developing and maintaining the organization’s website, left donor information unsecured on a development site. This oversight exposed sensitive donor data to the public.

Adapted from the OAIC, August 2017

A nonprofit organization providing medical and humanitarian aid globally faced a security breach involving one of its servers based in Spain. The breach raised concerns about unauthorized access to the organization’s data, which could potentially compromise sensitive information. The extent of the information accessed remains unclear, but the incident highlights significant risks to the organization's data security and operational integrity. An advertisement surfaced offering access to the compromised server. A screenshot from the hacker indicated they had accessed a web panel for Citrix used by the Spanish branch of the nonprofit, which might have allowed them remote access to the organization’s data.

Adapted from Forbes, January 2022

A Dutch NGO focused on raising funds for humanitarian disasters was targeted by a cyberattack. The attack involved phishing emails sent to potential and current donors, misleading them into believing they were contributing to aid for Ukraine. Instead, the bank account listed in the phishing emails belonged to cybercriminals, not the NGO. This incident jeopardized donor funds and required the organization to implement additional cybersecurity measures to address the threat. The cyberattack utilized phishing emails to deceive donors, directing them to a fraudulent bank account. The NGO had to take extra steps to enhance its cybersecurity and mitigate the impact of the phishing campaign.

Adapted from Digital Trust Center, August 2023