A security breach in the Utah Food Bank‘s website may have resulted in the disclosure of more than 10,000 donors’ personal information.
In a letter that was sent to a donor on Tuesday and obtained by the Deseret News, Utah Food Bank officials said they recently discovered that an “unauthorized individual” may have gained access to donation information submitted through the organization’s website between Oct. 8, 2013 and July 16, 2015.
Names, addresses, emails, credit or debit card numbers, security codes and expiration dates may have been exposed during that time period, the letter states.
Ginette Bott, Utah Food Bank chief development officer, said Saturday that the security breach occurred because of a vulnerability within the website and affected about 8 percent of the organization’s donors.
“We so value the relationships we have with all of our donors, and we’re committed to our mission to continuing to supply those meals to Utahns in need, so we take this incident and the protection of our donors and their information very seriously,” Bott said.
Since the breach was discovered last month, she said a team of computer security experts was hired to assist with the investigation, and the website’s weakness was corrected July 16.
“What we determined we had to do was discontinue that one portion of the webpage and be sure that everything that was happening on the system was bulletproof,” Bott said. “We are absolutely confident we have installed every measure that we can to be failsafe at this point. I guess it’s as failsafe as electronics allow you, but this incident has been contained.”
Those measures included changing all passwords, implementing additional monitoring and reviewing policies and procedures to ensure all information is appropriately protected, according to the letter sent to the effected donors.
Bott said there is little risk of identity theft because the organization’s website does not collect Social Security numbers. However, the Utah Food Bank arranged to provide the 10,000 affected donors with free identity protection and credit monitoring for a full year.
“We have not had one complaint or concern from anyone using a credit card with the Utah Food Bank, so we were very surprised to learn that there could be a situation,” Bott said. “But we felt that it isn’t our data we’re protecting, it’s our donors, so we wanted to extend that courtesy.”
In the letter, Utah Food Bank officials warned donors to be vigilant and contact their banks or credit card issuers if they become aware of any suspicious activity.
“We apologize for any inconvenience, and we certainly want folks to recognize that in this day and age I guess it’s going to happen,” Bott said. “But we’re incredibly sorry for any challenge that it might impose for our donors.”