Charity Loses Tens of Thousands of Dollars Amid Cyber Attack

At least one small charity lost tens of thousands of dollars in donations last week when a cyber attack interrupted transactions on electronic payment site PayPal.

Small Army for a Cause, a cancer-focused organization in Boston, was prepped and ready Friday for its annual one-day fundraising campaign, Be Bold, Be Bald! Each year, participants wear bald caps for a day and ask for donations from friends, family, and colleagues, raising $50,000 to $100,000 online during the designated 24-hour period and many more tens of thousands of dollars in the lead-up and wind-down.

On Friday, the day of the campaign, founder Jeff Freedman got up in the morning, put on his bald cap, and logged onto his computer to see how the donations were coming in.

“I saw next to every donation ‘failed,’ ‘failed,’ ‘failed,’ ” Mr. Freedman said. “I was really mad because the night before the event we update the website to say, ‘Today is the day.’ ”

He called the charity’s web developer, a third-party vendor, to complain. Then he called the internet service provider. For about half an hour Friday morning, a few transactions appeared to go through, and the problem seemed resolved. Then they began to fail again.

That’s when Mr. Freedman and others realized something bigger was going on: Hackers had attacked a major internet firm based in Manchester, N.H., impinging traffic and transactions on major websites including Twitter, Spotify, and PayPal. The last was the platform that Small Army for a Cause uses to process online donations for its campaign.

Trying to Be Positive

Mr. Freedman and his team sent emails to supporters explaining the situation and providing links to news coverage of the attack. Some would-be donors had filled out donation forms, providing their email addresses, before their transactions were cut off. So the charity emailed those individuals and asked them to return to the site at a later time.

“The problem there is we haven’t looked to see how many of those people actually went back and made a donation, but my gut is that it is a pretty low percentage of people who are going to do that,” Mr. Freedman said.

The problem lasted until about 5 p.m. Friday. The campaign lost tens of thousands of dollars, at least, he said.

“We have told people, Go and reach out and talk to your communities. The fundraising platform is still open through the end of the year,” Mr. Freedman said. “But the momentum that happens on that one day is gone now.”

Still, he says, he and his colleagues are trying to find the positive in it: There were lots of people out that day wearing their bald caps, taking pictures, and sharing them, he said.

“You try and revel in the idea of the day, which is to honor those who fight cancer,” Mr. Freedman said.

The PayPal incident underscores how vulnerable nonprofits are to criminal activity targeting websites and payment systems — criminals using charity donation pages to test the validity of stolen credit-card numbers, for example — as well as to just plain old technology failures. Earlier this year, a national giving day that was to benefit 13,000 charities was ruined when fundraising platform Kimbia suffered a meltdown. The online event had raised $68.5 million the year before.