Nonprofit nightmare: Data breach exposes 10,000 donors’ financial records

Insureon Staff.
By Insureon Staff
Updated: November 4, 2015
If your nonprofit accepts online donations, your donors' personal information is at risk. To prevent and contain data breaches, consider beefing up cybersecurity and purchasing cyber liability coverage.
Stressed out woman sitting at her desk.

It’s a scenario that might leave any nonprofit director in a cold sweat: the personal and financial information of more than 10,000 donors stolen in a single data breach. That filched data includes:

  • Names
  • Addresses
  • Email addresses
  • Credit card numbers

How does a nonprofit come back from that?

That’s the question Utah Food Bank had to answer earlier this year, according to the cybersecurity publication SC Magazine. The report states an unauthorized individual gained access to the information of 10,385 donors through the food bank’s donation web page.  

In many states – Utah included – a business or organization that experiences a data breach must notify the affected individuals and offer free credit monitoring services. SC Magazine reports Utah Food Bank offered a year of credit monitoring and identity restoration services to the people whose data was pilfered.

If you run a nonprofit, this situation is one you hope to never face. Notifying the affected donors and paying for their credit monitoring comes at a big cost to your organization. But what’s worse is the long-term effect the event might have on future donations if people don’t feel safe using your website.

Cybersecurity: a fine line for nonprofits

When it comes to cybersecurity, nonprofit organizations are in a difficult position. On one hand, online donations allow nonprofits to reach the most donors. It allows for more convenient donations and increased marketing opportunities. On the other hand, accepting payments online means that the nonprofit is responsible for securely storing and handling all that data. And cybersecurity isn’t necessarily cheap.

To best be prepared for the responsibility that comes with online donations, your nonprofit’s board of directors is going to have to have a game plan that addresses cybersecurity concerns.

Ideally, you might look for an experienced IT consultant to offer their services pro bono to help improve your organization’s security. But don’t be afraid to invest in cybersecurity in whatever way you can. If people think that their credit card information isn’t safe with your organization, they’ll stop donating in an instant, and that's something you just can't afford.

Cyber liability insurance for nonprofits

You should do what you can to manage your nonprofit's data breach risks from the outset, but even with top-of-the-line security in place, accidents and oversights can still happen. There's simply no infallible way to account for human error.

As a last line of defense, consider purchasing cyber liability insurance. When your security measures aren't enough to stave off a breach, cyber liability coverage can help your nonprofit recover by paying for:

  • Donor notification costs
  • Legal expenses
  • Credit-monitoring services
  • Good-faith advertising

The bottom line: technology is a double-edged sword. A website can make the donation process easier, but it opens your organization up to more responsibilities and risks. Make sure your nonprofit is prepared for the possible downfalls that come with convenience.

Compare quotes from trusted carriers with Insureon

Complete Insureon’s easy online application today to compare insurance quotes from top-rated U.S. carriers. Once you find the right policy for your small business, you can begin coverage in less than 24 hours.

Related Topics:
Human & social servicesNonprofitsData securityCyber liability insurance
Get business insurance quotes from trusted carriers
What kind of work do you do?
Or call us at (800) 688-1984