If nonprofits believe that hackers will not do significant damage or, even worse, suppose that cybercriminals won’t target them, they may face a surprise.
Nonprofits invite attention mostly for their financial data. Donation or fundraising portals that lack appropriate security are a prime source for sensitive bank and credit card information.
Additionally, nonprofits hold plenty of critical client information as Social Security numbers or health records. This provides another stimulus to attack their systems, as such data can be used for fraud, blackmail, or other related crimes.
On top of that, even if hackers get less-valuable information such as emails, they could bombard their victims with advertising, phishing attempts and other kinds of unwanted emails.