Stories From An IT Security Professional

Creative Commons: Donors Data Leak

A few days ago the Creative Commons team sent out an email informing me and some other donors about a data leak that happened on their GitHub repository:

Creative Commons believes in open, frank, and prompt communication with our community, including our donors. We also take your privacy seriously. We are committed to responsibly guarding the personal information you share with us.

In keeping with these principles, we want to tell you about a situation that came to our attention very recently involving your personal information. In 2013, during a migration of files to GitHub, we mistakenly posted an electronic file in a public repository that contained some donor information. Specifically, the file included the names, addresses, email addresses, and donation amounts of about 2000 individuals who donated to Creative Commons between 2004-2007. The file did not include any credit card or other financial information. When we learned about the problem earlier this week, we immediately and permanently removed it from GitHub. We have no reason to believe anyone other than the individual who called this to our attention found the data, or that anybody misused the data.

We deeply regret this mistake and apologize for its occurrence. If you have any questions about this incident or about CC’s policies relating to collection, maintenance, and protection of your personal information, please contact legal@creativecommons.org.

Thank you for continued support.

Creative Commons

I was not able to identify the precise repository or file yet. However, I am happy that Creative Commons has informed affected users and has removed the file from their repository as soon as they got notified about the leak. So far I also haven’t seen any media attention on the whole leak.

Over the past years I have always donated to the cause that Creative Commons stands for, and I am happy with how they reacted to this leak.
