The hacker who stole personal information from donors at 92 charities entered the system with an employee password from Convio, the database services provider that all the charities shared.
According to an Associated Press report, a spokesman from Convio confirmed that the attacker had gained access to names and email addresses of the charities by accessing their databases using a Convio password.
No Social Security numbers or bank account information was stolen, the spokesman said. The charities have been notified, but so far, the Red Cross is the only one that has been named. The company still isn't sure how much data was stolen.
A Red Cross spokeswoman confirmed that roughly 278,000 email addresses and a smaller number of passwords were taken from a Red Cross blood drive Website that ran on Convio's software. She said the Red Cross notified affected users November 14.
Convio, which has filed papers to prepare for an initial public offering, has 1,200 clients, according to the report. Only clients using a program called GetActive, which Convio acquired in March, were affected by the attack, the spokesman said.
Tim Wilson, Site Editor, Dark Reading