July 1, 2021 Incident Notice

Impactree Security Incident Update

Transparency with our community regarding the extent of the security incident Impactree experienced on July 1, 2021 is a top priority. Please read below for the latest updates.

Impactree [July 2, 2021]
NOTICE OF DATA BREACH

 

What happened?

We discovered alterations to the Impactree platform relating to our action content at 10:30am PST on July 1. We responded within the hour by shutting down our servers as well as the Impactree platform (my.impactree.com) in order to complete a full data and security review. Our initial review concluded that the Impactree platform was accessed by an unauthorized user. 

 

What Information Was Involved?

The scope of the unauthorized user’s activity appears to be limited to alterations of public content hosted on the Impactree platform, namely action titles and descriptions. As part of an ongoing, intensive security review, we will be evaluating what personal account information may have been accessed during the intrusion, if any. 

At Impactree, we take protecting our members’ security and privacy very seriously. Out of an abundance of caution, we are going to operate as if this information may have been accessed – until we can ascertain that it was not.

Personal account information stored on the platform consists of platform members’ first and last names, email address, country, state, and zip code associated with your Impactree account (depending on the information you provided). Additional personal data may include the Impactree groups that you joined, the actions you completed on the platform, as well as the name and email of the person or organization that referred you to the platform. In a very small number of cases, personal data may also include phone number or street address (if you submitted it). 

No personal financial information is stored on the Impactree platform. Any donations made to nonprofits found through actions on the platform are processed with the nonprofit directly via their respective donation systems. Impactree does not keep or store any financial information. Impactree does not keep or store social security numbers, driver’s license information, identification card numbers, tax identification numbers, passport numbers, or military identification numbers. We have no reason to believe that any of Impactree’s users’ or customers’ financial or governmental information has been compromised.

 

What We Are Doing

An intensive internal security and database review is now underway to ensure that this is indeed the full scope of the unauthorized user’s activity. We are working with Amazon Web Services and hired a third-party online security company for a full review of our platform to ensure that Impactree is implementing all appropriate administrative, physical, and technical safeguards.

 

What You Can Do

The Impactree platform is live again and ready for you to use. However, we have deleted all existing passwords and are asking everyone to reset their passwords. Click the button below to reset your password to regain access to your Impactree account. Note: you will create your own new password.

We understand online security incidents can be unsettling and we deeply apologize for this inconvenience. We look forward to continuing to empower you to take meaningful and measurable actions to make the world a better place — today and every day. With strengthened security, we are eager to continue growing impact, together.

 

For More Information

If you have any questions, please contact us at [email protected], so we may ease your concerns or you can call Impactree Support at (415) 715-9814.