Pace Center for Girls

Pace Center for Girls is a Florida-based nonprofit organization providing education and social services to girls, with operations centered in the United States. Its core mission involves serving a vulnerable population, including individuals with involvement or risk of involvement in the juvenile justice system, as indicated by the types of data compromised in a security incident. The organization handles highly sensitive personal information, including student and guardian names, addresses, dates of birth, Florida Department of Juvenile Justice identification numbers, enrollment details, and behavioral health data. This data scope underscores its role in delivering comprehensive support services that integrate educational programming with social and behavioral health components. Additionally, Pace Center for Girls engages in fundraising activities, managing donor relationships and philanthropic profiles, which introduces another category of personal data, such as donor names, physical addresses, phone numbers, birthdates, and giving histories. The organization's work therefore spans direct service provision and development, requiring the stewardship of diverse personal information across its programmatic and operational functions.

The organization's operational context and data handling practices have been shaped by two significant security incidents. In December 2021, an unauthorized access event directly compromised its IT infrastructure, potentially exposing the sensitive student and guardian records of up to 18,300 individuals. This incident prompted an engagement with cybersecurity experts to secure systems and enhance protective measures, and it was reported to federal authorities, indicating a regulatory compliance obligation. A prior incident in May 2020 stemmed from a security breach at its third-party fundraising software provider, Blackbaud, which impacted donor data for over 200 entities globally. While this breach did not compromise internal operational records or financial data and Social Security numbers—as the organization stated it did not retain such financial details—it did expose donor personal and philanthropic information. The organization responded by notifying affected supporters and enhancing encryption protocols with additional authentication measures. These events highlight Pace Center for Girls's reliance on both internal IT security and third-party vendors for data protection, and they illustrate the critical nature of the personal information it maintains due to its service population. The incidents also reveal a pattern of targeted risk toward both student health and educational records and donor management data, reflecting the dual operational streams of direct service and fundraising common in the nonprofit sector. No explicit information is provided regarding the organization's total size, specific geographic footprint beyond Florida, ownership structure, or parent/subsidiary relationships, so these aspects are not included.