In September 2024, **Food for the Poor Inc.**, a charitable organization, suffered a **cyberattack** that resulted in the **leak of confidential, sensitive, and private information** belonging to its **employees and donors**. The breach exposed personal data, prompting a proposed **class-action lawsuit** alleging negligence. However, a **federal court dismissed the case**, citing deficiencies in the plaintiffs' claims, including a lack of evidence supporting an **implied breach of contract** since the affected individuals did not directly provide their information to the organization for secure storage. Despite the legal dismissal, the incident highlights significant **data exposure risks** for nonprofits handling donor and employee records, with potential long-term **reputational and financial repercussions** due to the unauthorized disclosure of sensitive information.
Food For The Poor cybersecurity rating report: https://www.rankiteo.com/company/food-for-the-poor
"id": "FOO5292852111825",
"linkid": "food-for-the-poor",
"type": "Cyber Attack",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': ['employees', 'donors'],
'industry': 'International Relief/Humanitarian Aid',
'location': 'Southern District of Florida, USA (HQ in '
'Coconut Creek, Florida)',
'name': 'Food for the Poor Inc.',
'type': 'Non-profit/Charitable Organization'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Likely (based on '
'context)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['confidential information',
'sensitive information',
'private information']},
'date_detected': '2024-09',
'description': 'A September 2024 cyberattack on Food for the Poor Inc., an '
'international charitable organization, resulted in the leak '
'of confidential, sensitive, and private information belonging '
'to employees and donors. A proposed data breach class action '
'was dismissed by a federal court due to deficiencies in the '
"plaintiffs' claims, including failure to establish an implied "
'breach of contract for the handling of personal information.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'leaked sensitive data',
'customer_complaints': 'Class action lawsuit filed (later '
'dismissed)',
'data_compromised': ['confidential information',
'sensitive information',
'private information'],
'identity_theft_risk': 'High (sensitive and private information '
'exposed)',
'legal_liabilities': 'Proposed class action dismissed; no fines or '
'legal actions confirmed'},
'initial_access_broker': {'high_value_targets': ['employee data',
'donor data']},
'investigation_status': 'Legal proceedings dismissed; no further details on '
'technical investigation',
'references': [{'source': 'US District Court for the Southern District of '
'Florida (Judge Ed Artau)'}],
'regulatory_compliance': {'fines_imposed': 'None (case dismissed)',
'legal_actions': 'Proposed class action dismissed '
'(deficiencies in claims)'},
'title': 'Food for the Poor Inc. Data Breach (September 2024)',
'type': 'Data Breach'}