Certain San Diego Personal Information Provided To The Jewish Family Service Exposed Online


The Jewish Family Service of San Diego, a leading nonprofit aid organization, exposed thousands of posts, some containing credentials of people seeking help with everything from paying rent to the escape of abusive relationships.

The social services charity, which helps people in crisis regardless of their faith, learned of the data breach Monday evening after a Union-Tribune reporter in San Diego came across the material online . More than 5,000 messages submitted through the public contact form on the organization’s websites over the past two years have been made public.

The Jewish Family Service declined to answer specific questions, but released a statement saying it had taken immediate action to resolve the data breach.

“On February 22, 2021, after being contacted by The San Diego Union-Tribune, Jewish Family Service became aware of a vulnerability on its website,” he said. “We take the security of our data very seriously and have taken steps to secure the website. We engaged cybersecurity experts to conduct legal and forensic investigations, to determine the nature and scope of the incident. We are willing to provide additional information as we learn more.

Based on a preliminary investigation, the issue appeared to be limited to a single contact form on the website, which the organization corrected within hours of its discovery, the charity noted.

Some of the messages exposed online contained personally identifying information, including addresses, phone numbers, dates of birth, and social security and passport numbers. Email addresses, driver’s license numbers and information on refugee and immigration cases as well were included in some of the posts posted on the Internet.

It turned out that only the date and body of messages sent through the online contact form were exposed, as some users had entered personal information in a text box.

The Jewish Family Service of San Diego was established in 1918 and has grown to become one of the region’s largest social service providers. It reported $ 32.4 million in income and $ 24.9 million in expenses in the year ending June 30, 2019, according to its most recent publicly available tax return.

Last July, the charity announced that it was one of many nonprofits to experience security breaches related to a ransomware attack on Blackbaud, a leading financial technology and fundraising provider. fund used primarily by non-profit organizations.

In October, the nonprofit Identity Theft Resource Center reported that 144 organizations and 7 million people had been affected.

The 2020 data breach included “The name and contact details of the donor, and may also include telephone numbers, email addresses and postal addresses; and a brief history of donor relationships with JFS to date, such as donation dates and donation amounts, ”charity officials said last year.

The nonprofit has been a lifeline for many in San Diego and beyond for more than a century, providing assistance to tens of thousands of people each year, according to its annual reports. He awarded millions of dollars in cash grants for people in crisis and provided desperately needed services such as car loans and secure overnight parking for people living in their vehicles.

The Jewish Family Service also serves as a resource for various government agencies, including social workers who seek to connect their clients with public benefits.

Dozen of messages on display were from grateful customers thanking the organization for helping them get through difficult times in their lives and getting them back on their feet a path to self-sufficiency.

The messages also showed how many San Diego County residents have been affected by the COVID-19 pandemic. Several of the writers said they had tried and failed to find help elsewhere and were unsure of what to do.

A handful of posts appeared to come from charity administrators, testing the functionality of the form or conveying messages internally. Several simply said “test”.

Leave A Reply

Your email address will not be published.