The American Heart Association — headquartered in Dallas, TX — disclosed a data breach affecting approximately 3 million donors. PII including donation history, contact information, and in some cases health-related data was exposed.
Threat actor gained access to donor management database via compromised admin credentials. Extensive donor data — including health affinity indicators — exfiltrated over a period estimated at several weeks before detection.
Sentinel ($89/ep/mo) — 24/7 SOC + SIEM. Fortress ($109/ep/mo) — Sentinel + EDR management + vulnerability management. Command ($129/ep/mo) — Fortress + vCISO + compliance mapping + IR plan. See full tier comparison →
| Regime | Standard / Citation | Gap Identified |
|---|---|---|
| TDPA | Tex. B&C Code §521.053 | Breach notification — 3M donors required notification; TX residents subset triggered AG notice |
| HIPAA | 45 CFR §164.308(a)(3) | Workforce access management — donor health affinity data accessible without appropriate controls |
CoreRecon cites verifiable public sources only. No speculation on unverified attribution is published. Threat actor attribution appears only where publicly confirmed by law enforcement or the organization.
Free $2,500 security posture assessment for Texas organizations. We map your gaps against the same attack vectors used in this incident. No contract, no commitment.