E-Mail Service Provider Combats Security Breach

An e-mail service provider for the American Museum of Natural History and other not-for-profit organizations is shoring up its security after an online intruder accessed an undetermined number of customer e-mail addresses and passwords.

Convio of Austin, Texas, discovered that an unauthorized third party accessed its computer system, retrieving e-mail addresses and some passwords, said Tad Druart, a company spokesman. Not-for-profit organizations use Convio’s software platform to deliver informational newsletters or messages soliciting donations.

The breach, which occurred November 1, involved 92 Convio clients and those clients’ e-mail addresses. To date, there’s no indication the e-mail addresses have been used improperly, Druart said.

In one instance, partial credit card information for about one dozen donors was obtained from the University of Connecticut Foundation, a fundraising organization. The foundation, in response, contacted constituents and set up a Web site and phone line to handle questions.

Convio’s software includes applications to help not-for-profits with fundraising, advocacy, e-commerce, and other so-called constituent relationship management activities. The breach specifically involved Convio’s GetActive software platform; Convio acquired GetActive, a Berkeley, Calif.-based rival, in February.

Druart said the company has contacted law enforcement officials to investigate, and it has retained consultants to review and recommend improvements to Convio’s security practices and procedures.

In an e-mail message obtained by ClickZ News, the American Museum of Natural History in New York City on November 8 sent out a notice advising its customers of the breach. “We recommend that you be on the alert regarding e-mail that appears to be from AMNH or other brand-name organizations,” the museum warned, adding that information obtained was limited to e-mail addresses, and not credit card or other personal information. The museum said it contracts with Convio to run its e-mail service.
