Cyber Incident Victim: Utah Food Bank

The Utah Food Bank experienced a security breach affecting its website donation system, with unauthorized access occurring between October 8, 2013, and July 16, 2015. The organization discovered the intrusion and began notifying donors in August 2015 through individual letters, one of which was obtained by the Deseret News. During the nearly two-year exposure period, attackers potentially compromised donors' names, physical addresses, email addresses, credit or debit card numbers, card security codes, and card expiration dates. The breach impacted over 10,000 individuals who had submitted online donations through the food bank's website. Utah Food Bank officials characterized the intruder only as an "unauthorized individual," without disclosing specific technical details about the attack methodology or entry vector.

The compromised data included sensitive financial information capable of facilitating identity theft and payment card fraud. No evidence suggested the breach extended beyond the online donation platform or affected other organizational systems. As a nonprofit entity, the Utah Food Bank fell outside the jurisdiction of the Federal Trade Commission's data security enforcement authority. DataBreaches.net attempted to determine whether website security responsibilities belonged to Xmission (the organization's internet service provider), internal IT staff, or third-party vendors, but no clarifying information was available in the public disclosures. The food bank's notification letters represented the primary documented response action, with no additional remediation measures or forensic findings detailed in the available reports.