Convio, one of the larger Internet donation service providers for charities, was recently hacked and a significant number of donor email addresses and passwords were compromised. Major NGOs using the company's services including CARE and the American Red Cross were among the victims. More commentary on the story is here.
This incident demonstrates the potential for data vulnerability when relying on outsourced IT services. It also shows that a large number of humanitarian organizations were negligent in not notifying donors after the information security breech occurred. While no credit card information was compromised, a risk still exists that stolen information could be used to access banking, retail and other online services. Management should have contingency plans in place to quickly notify donors of any data compromise. Transparency in situations like this is critical.
This incident demonstrates the potential for data vulnerability when relying on outsourced IT services. It also shows that a large number of humanitarian organizations were negligent in not notifying donors after the information security breech occurred. While no credit card information was compromised, a risk still exists that stolen information could be used to access banking, retail and other online services. Management should have contingency plans in place to quickly notify donors of any data compromise. Transparency in situations like this is critical.
