A recent data breach involving a UN Women database has raised alarms about the dangers of poor data security in the charity sector. The exposed database contained over 115,000 files, totaling 228 GB of sensitive information, including financial reports, staff details, scanned identification documents, and personal testimonies of individuals helped by aid programs. The database, which was left unprotected without encryption or password security, exposed the personal details of thousands, making them vulnerable to privacy violations and potential exploitation.
The breach also included internal records of civil society organizations, such as application statuses, eligibility details, and confidential internal communications. One of the most disturbing aspects of the leak was a letter from a Chibok schoolgirl who was one of the 276 students kidnapped by Boko Haram in 2014, raising concerns about the safety of survivors and aid recipients.
While charities and non-profits work to support vulnerable individuals, data breaches can severely compromise the safety of these groups. Cybersecurity experts are now emphasizing the importance of securing information held by humanitarian and non-profit organizations. However, it’s not only up to organizations to prioritize security—individuals must also take steps to safeguard their own data.
Risks Posed by Charity Data Breaches
When charities experience data breaches, the risks to individuals can be severe, especially when sensitive personal information is involved. Some of the key risks include:
- Identity Theft and Fraud: Exposed information such as scanned passports, ID cards, and tax records can lead to identity theft, where criminals use the stolen information to open accounts or make fraudulent transactions.
- Personal Safety Risks: In cases where aid recipients are survivors of violence or persecution, exposed details can endanger their safety. As seen in the UN Women breach, information about those helped by aid programs, if accessed by malicious actors, can lead to potential retaliation or harassment.
- Financial Exploitation: If donor information is leaked, it could expose donors to fraudulent schemes. Cybercriminals often use leaked email addresses or contact information to carry out phishing scams, posing as charities to solicit money.
- Reputation Damage and Loss of Privacy: Leaked records can lead to a loss of privacy, potentially affecting individuals’ reputations or causing emotional harm. Aid recipients who shared personal stories or testimonies with charities may find those details exposed to the public without their consent.
How to Protect Yourself
While it’s primarily the responsibility of charities to secure their databases, there are steps you can take as an individual to protect yourself in case of a data breach:
- Be Cautious with Personal Information: Before sharing sensitive data such as identification documents or personal stories, understand the charity’s data privacy policy. Reputable organizations should have clear guidelines on how they protect your information.
- Use Secure Email Practices: If you need to share documents electronically with a charity, use secure methods such as encrypted email or document-sharing services with password protection. Avoid sending sensitive information over unencrypted or public channels.
- Monitor Your Financial Accounts: Regularly review your bank and credit card statements for unauthorized transactions. If you’ve donated to a charity that has experienced a breach, consider placing alerts on your accounts to quickly catch any suspicious activity.
- Be Wary of Phishing Scams: After a data breach, attackers often exploit leaked information through targeted phishing attempts. Be cautious of emails or phone calls requesting personal details or donations. Verify any communications by directly contacting the charity through their official website or phone number.
- Limit the Information You Share: Where possible, share only the necessary information. For example, when making donations, use payment methods that limit exposure, such as a secure online portal or a dedicated charitable giving service.
- Request and Stay Informed About Data Breaches: If you’ve shared personal data with an organization, don’t hesitate to inquire about how your information is protected. In the event of a breach, organizations are often required to notify affected individuals. Make sure your contact details are up to date with the charity to stay informed.
A Lesson for Charities and Individuals
The recent UN Women data breach underscores the importance of strong data protection measures within charities and non-profits. However, it also serves as a wake-up call for individuals to be vigilant with their personal data and take proactive steps to safeguard their information. While charities must prioritize data security to fulfill their mission of helping vulnerable communities, individuals should also remain cautious and informed to protect their privacy and safety in an increasingly digital world.