A series of significant data breaches at non-profit organizations and charity agencies has underscored the urgent need for better cybersecurity practices in the sector. These incidents have exposed personal and financial data of donors, staff, and vulnerable individuals receiving aid, raising questions about how these organizations are securing sensitive information.

One recent breach involved a database linked to UN Women, which left over 115,000 files—totaling 228 GB of data—unprotected. The exposed database, which lacked both password protection and encryption, contained critical information like financial records, scanned identification documents, internal files, and personal testimonies. Notably, the breach included confidential details about civil society groups and vulnerable individuals, including survivors of violence.

This incident echoes previous breaches. In 2023, a breach at an international children’s charity exposed thousands of records, including donors’ financial details and the home addresses of staff members. In another high-profile case in 2021, a refugee support organization suffered a breach that revealed the identities and private stories of individuals fleeing conflict, highlighting the risks that non-profits face in their digital security.

The Growing Need for Improved Cybersecurity

These breaches highlight the serious consequences that lapses in cybersecurity can have for non-profits. The exposure of personal information poses risks not only to donors but also to aid recipients whose safety and well-being could be compromised. As a result, experts are urging non-profits to take proactive measures to secure their data. Key strategies include:

  1. Enhancing Access Controls: Non-profits should implement multi-factor authentication and enforce strong password policies to limit unauthorized access to their systems. Restricting access based on staff roles can help prevent internal data leaks.
  2. Data Encryption Practices: Encrypting all sensitive information, whether it’s in storage or being transmitted, is crucial. This includes encrypting financial reports, identification details, and private communications to protect against unauthorized access.
  3. Conducting Regular Security Audits: Non-profits should perform frequent security checks and vulnerability assessments to identify potential weaknesses in their systems. Engaging outside experts for penetration testing can reveal hidden risks.
  4. Staff Training and Awareness: Organizations need to train their staff on data protection practices and raise awareness about cybersecurity threats like phishing attacks. Human errors often contribute to breaches, making regular training essential.
  5. Evaluating Third-Party Vendors: Many non-profits rely on external vendors for IT services or data management. It’s important to assess these partners’ security practices and establish clear protocols to ensure that they meet cybersecurity standards.
  6. Implementing Data Minimization Policies: Limiting the collection and retention of unnecessary information can reduce risks in case of a breach. Non-profits should regularly review and securely delete outdated or irrelevant data.
  7. Preparing Incident Response Plans: A well-defined incident response plan enables organizations to quickly detect and address breaches. This plan should include steps for communicating with affected individuals and coordinating with cybersecurity experts.

A Call for Vigilance

The recent UN Women data breach is a stark reminder of the need for better cybersecurity practices within charities and non-profits. As these organizations handle sensitive information, they bear a responsibility to protect the privacy and safety of those they assist.

“Cybersecurity should be seen not just as a technical issue but as a fundamental aspect of the trust between charities and the communities they serve,” said David Richards, a cybersecurity expert focused on non-profits.

Moving forward, it’s essential for non-profits to invest in stronger digital protections and to treat cybersecurity as a critical part of their mission. By taking these measures, organizations can protect their work and maintain the trust of donors, staff, and the people they serve.