SURVIVORS

The stories of those under attack

  • Survivor - Humanitarian

    “My colleagues got scared when confronted with this. The colleague who opened the email containing the malware started to feel guilty. We all did our best to reassure them. But there was this feeling of vulnerability, of being exposed.”

  • Survivor - Water & Sanitation

    “I didn’t know what to do or who to turn to once we knew about the attack. How long had the breach been active? We had no idea of the extent of the hack.”

  • Survivor - Healthcare

    “Nurses are running around. Doctors are running around. There’s no computers whatsoever they can use. This is a new reality we need to be better prepared for.”

  • Survivor - Mental Health

    “It is difficult to understand why anyone would deliberately try to disrupt the work of an organisation that is relied on by people at their most vulnerable.”

ATTACKS AND HARM

  • SPEAR PHISHING ATTACK

    A nonprofit organisation lost control of its Instagram account following a spear phishing attack via an email that appeared to come from Instagram. Two days after the request submission, cybercriminals reached out to the organisation via WhatsApp, claiming that they had taken control of the Instagram account and demanding a ransom to restore access to it. The cybercriminals had changed the email address, password and phone number linked to the account and disabled it. Losing access to the account meant losing control over the organisation's flagship online presence and carried the potential to damage its credibility, as well as to hurt its general activities.

  • RANSOMWARE-AS-A-SERVICE

    A nonprofit dedicated to providing clean water in the APAC region, including India, was recently targeted by a ransomware attack orchestrated by a cybercriminal group. This group, operating a ransomware-as-a-service model, threatened to release stolen information unless they received a $300,000 extortion fee. These attacks not only cause immediate operational delays but can also lead to long-term data integrity issues, impacting donor trust and funding.

  • DARK WEB DATA LEAK

    A ransomware gang has claimed responsibility for a cyberattack against a prominent nonprofit organisation. The gang, which has been active since June 2022 and typically targets critical infrastructure and healthcare organizations, has previously extorted these entities for their data. Although the charity was not directly named by the ransomware gang, a post on its dark web data leaks site described the target as “the world's leading nonprofit” with US$2.8 billion in revenues and operations in 116 countries. According to the ransomware gang, they stole more than 6.8TB of data, including 800GB of financial records, email messages, international HR files, and personal data, including medical and health information.

  • DATA BREACH

    A nonprofit organisation focused on exchanging reusable items to divert them from landfill has recently experienced a data breach impacting 7 million of its members. The breach was discovered on August 30, although the stolen data has been available for sale on the dark web since May 30. The database for sale allegedly included the data of the organisation’s executive director. Victims of the data breach were reminded not to click on links or download files from emails with unknown senders. It has not yet been made public how the malicious actor gained access to the organisation’s network.

  • PHISHING SCAM

    A hunger relief organisation based in the United States was scammed out of more than $923,000 when cyber attackers withheld legitimate emails from a construction company through a phishing campaign. The attackers sent a fake invoice on behalf of the company, which the organisation paid. An attack like this not only results in substantial financial loss but also undermines trust in the organisation's operations and can severely impact its ability to deliver essential services.

  • ZERO-DAY VULNERABILITY

    An Ohio-based healthcare plan provider is facing multiple class action lawsuits following a cyberattack by the Clop threat group, which exploited a zero-day vulnerability in the MOVEit Transfer file transfer solution. This breach exposed the protected health information of 3,180,537 individuals, including sensitive data such as Social Security Numbers and health information.

  • PHISHING EMAILS

    Employees of a Switzerland-based non-governmental organisation that provides conflict-related data to humanitarian groups began receiving pornographic material on their smartphones. Attackers attempted to launch phishing emails at the organisation's employees, and the organisation experienced its website being taken offline in a denial-of-service (DoS) attack. The incident was described as "a wake-up call" by the organisation's director, who explained that they had previously felt safe operating remotely from neutral Switzerland without any in-country operations that might expose them to attacks.

  • UNAUTHORIZED SERVER ACCESS

    In January, an advertisement appeared offering access to a server based in Spain belonging to a nonprofit organisation that provides medical and humanitarian aid globally. A screenshot showing the hacker’s access indicated they had gained access to a web panel for Citrix used by the Spanish arm of the nonprofit, potentially allowing remote access to the organisation’s data. This incident involved a type of cyberattack known as unauthorized server access. The extent of the information accessed remains unclear.

  • INTERNAL ERROR

    In 2016, the personal health information (PHI) of more than 550,000 individuals who donated blood was leaked. The incident was the result of human error as well as poor data handling and storage. The file, containing donor information, was located on a development website that was left unsecured by a contracted third party who develops and maintains the organisation’s website. The organisation has noticed a decrease in its number of blood donors. As such, data leaks not only threaten but often harm the lives and livelihoods of real people. Furthermore, the reputational damage and erosion of public trust stemming from such incidents could irrevocably devastate donor relationships and the viability of future operations.