-
Personal details of millions of Salvation Army donors are now exposed, with more than 93GB of the charity’s internal data allegedly dumped online.
-
The hackers leaked records covering over 1.6 million gifts, which together reveal names, mailing addresses, telephone numbers, and donation amounts.
-
A new group called Interlock claims they did it. This is the second time the charity’s been hit this year.
A beloved charity has been seriously hacked. Millions of its donors’ personal details are now for sale.
The Salvation Army faces a major data breach. Cybercriminals posted sensitive donor information on the dark web.
The scope of the stolen data
The Interlock ransomware gang is behind this attack. They boast about stealing 93GB of data from the charity. Researchers have verified their claims.
The leak consists of Microsoft SQL Server database backups. The names of these files point to financial data. One backup alone holds 1.6 million donation transactions worth up to tens of millions of dollars.
The exposed records are highly detailed. They contain donors’ full names and phone numbers.
Home addresses and specific donation amounts are also included. The data structure reveals a comprehensive donor list. Evidence suggests most affected individuals are U.S. residents.
Risks to generous donors
This data leak is a goldmine for scammers. It enables highly targeted and convincing fraud. Identity theft is a clear and present danger.
Criminals could use real credentials for fraudulent tax returns. But security experts warn of a more likely scheme. Donors may face sophisticated impersonation scams.
Attackers could pose as the Salvation Army itself. They would exploit trust to steal more money. This directly targets people’s proven generosity.
Studies show charitable individuals often give to multiple causes. Criminals know this behavioral trend. They might also use the data to impersonate other charities.
A persistent threat to charities
This is the Salvation Army’s second ransomware incident this year. The “Chaos” cartel claimed a breach in late May. The charity is a massive global target.
It reported nearly $5 billion in revenue last year. The organization has been successful in helping those less fortunate than others in 134 countries around the world.
The new attacking group, Interlock, is gaining traction. First seen in September last year, they work independently. They focus on opportunistic double extortion attacks. Their criminal portfolio shows a wide net, from stealing sensitive donor lists to targeting critical infrastructure, as seen in the ransomware attack that stole and listed Comcast’s network plans on the dark web.
The gang often gets in through hacked websites. Social engineering tricks are another common method. Their dark web blog shows they are very active.
Interlock has victimized at least 66 organizations in 12 months. They hit a peak of activity in June and August. Earlier this year, they hit the city of St. Paul.
They also attacked Ohio’s Kettering Health Network. That healthcare breach canceled thousands of patient procedures. This pattern of targeting essential organizations is global, with groups like RansomHouse similarly breaching major industrial firms such as Italian textile giant Fulgar. The Salvation Army hasn’t put out a statement yet.
Updates regarding the incident will be provided should any new developments surface. Donors should monitor accounts for suspicious activity. Unwanted fundraising messages should be avoided.
Data breaches aren’t going to disappear overnight; if anything, they’re probably going to get worse. That’s just life online now. But panicking won’t help. The smarter move? Get strategic and stay a step ahead of hackers.
Everybody’s got a role here, not just big companies. As break-ins become more common, you don’t just hope for the best. You get a better lock, maybe an alarm. Toughen up your digital defenses and pay closer attention.
