Data Security

Nine government watchdog groups called on the 2012 presidential candidates to lift the veil of secrecy that shrouds their biggest fundraisers, the so-called "bundlers" who use their connections to steer millions of dollars from well-heeled donors to the campaigns of their choice.

In letters sent to President Obama and Republican candidates Newt Gingrich, Ron Paul, Mitt Romney and Rick Santorum, the organizations asked that the campaigns disclose specific information about their major bundlers, identifying them by name and stating the precise amounts they raise.

Two big charities, the American Red Cross and CARE, said they are investigating reports that computer hackers gave them gifts using credit-card information stolen from a global intelligence company—and they promised to help any victims of fraud get their money back.

The hackers said they had used the credit-card data to make some charitable contributions and posted screen shots of receipts for donations to groups including the Red Cross and CARE.

A hacking movement calling itself Anonymous said yesterday that it stole thousands of credit card numbers and other client information from a U.S. security think tank with customers including the Air Force, defense contractors, police agencies, technology companies and banks. One hacker said the goal of the attack on Stratfor Global Intelligence was to pilfer funds from individuals’ accounts to give away as Christmas donations, and some victims confirmed that unauthorized transactions were made using their credit cards.

Fundraisers typically don’t give much thought to this part of online donation processing systems until something goes wrong, as it has recently in several high-profile cases involving major for-profit companies. The reality is that online credit card processing is very safe and secure, thanks in large part to the Payment Card Industry Data Security Standards (PCI DSS) created by the PCI Security Standards Council (PCI SSC).

The New Jersey Supreme Court unanimously declared Tuesday that the nonprofit New Jersey League of Municipalities is subject to the same open-record disclosure standards as the municipal governments it represents. The decision means that the League is no longer able to use its nonprofit status to deny access to records that it and other nonprofits have typically thought of as protected from public disclosure.

The Red Cross Society of China (RCSC) has ordered its branches to enhance transparency in donations and expenditures following a series of scandals that had shaken public trust in the government-sponsored charity organization.

The RCSC said in an online statement that information about donations, expenditures, charity material purchases, and the allocation of the donations should all be open and transparent to the public.

The California Latino Legislative Caucus released the names of dozens of donors Monday that collectively have contributed more than $400,000 to its nonprofit foundation since 2009.

Assemblyman Tony Mendoza, an Artesia Democrat who has chaired the Latino Legislative Caucus since December, released a list of 53 donors who contributed $243,600 in 2009 and $195,500 in 2010.

Mendoza previously had released a list of seven contributions received since he took control of the caucus late last year. Only three of them, totaling $20,000, were donated in 2011.

WikiLeaks announced via Twitter that it will now be accepting donations of Bitcoins, a wholly digital and theoretically untraceable currency. Bitcoins are created with cryptographic functions and then stored and exchanged without the help of banks. So in theory the currency prevents any institution from tracking the flow of money, and prevents any bank from either blocking transfers to a certain party or freezing anyone’s account.

East Stroudsburg University and its foundation must provide the Pocono Record with all of its donor records going back to 2000 ­— much more than the newspaper requested — a Commonwealth Court judge said Monday in clarifying a precedent-setting court ruling on the state's Right-to-Know law.

The case revolves around public access to records held by private entities, like the foundation, that carry out work on behalf of public agencies.

Over Memorial Day weekend, a group called LulzSec hacked into PBS’s website and posted this image, saying it was angry about the network’s broadcast of a documentary on WikiLeaks.

LulzSec said it broke into PBS’s servers by taking advantage of a security hole in an older version of the content-management system Movable Type and out-of-date software on PBS’s servers so it could gain access to the user names and passwords.

The situation highlights the need for organizations to make sure their content-management systems are up-to-date, said Steven Backman, chief executive of Database Designs Associates, a technology consultant.