Special Olympics NY is a non-profit organization that helps athletes with intellectual disabilities. Provides sports training and training services and organizes competitions and competitions for more than 67.000 children and adults with mental retardation throughout New York.
The non-profit organization sent one notice in relation to hacking incident to inform all of them users affected. He stressed to donors that should ignore the last message they received (assumed by the organization). He also said that hackers managed to breach only the "communications system" that stores some contact information. Financial data users were unaffected.
“As you may have noticed, O. e-mail our server was breached. We have corrected the problem and we sincerely apologize, ”Special Olympics NY wrote in an email to donors.
“The hack was in our communications system, which only included data contact information and not financial information, ”the notice said. "Make sure your contact details are protected and kept confidential."
The phishing emails that the hackers sent to the victims included (supposedly) one notification of an impending donation. According to the email, $ 1.942,49 would be automatically deducted from account of the donor victim within the next two hours.
The hackers set this short time frame to scare the victims and make them open one of the two embedded links, which were supposed to lead to a PDF file containing the donation statement.
"Please check and confirm that everything is correct, if you have any questions, find my number in the statement and call me," the phishing emails said. “There is nothing wrong, I have verified them twice. Thank you, have a great weekend ”.
Opening the links led the victim to a site controlled by hackers (now no more). Probably, it was used to steal them credentials and donor credit card details.
Special Olympics said donors can now donate to safety as the issue has been resolved.