The American Israel Public Affairs Committee (AIPAC), a prominent Washington-based nonprofit advocating for pro-Israel policies, suffered a data breach exposing the personally identifiable information (PII) of 810 individuals. The incident involved months of unauthorized access, allowing attackers to compromise sensitive data. While the exact nature of the exposed information (e.g., names, contact details, financial records) was not fully disclosed, the breach highlights vulnerabilities in AIPAC’s cybersecurity defenses. The prolonged access suggests potential risks of further exploitation, such as identity theft, phishing, or reputational harm. As a high-profile organization dealing with politically sensitive matters, the breach could also undermine trust among stakeholders, donors, and affiliated individuals. The delayed detection exacerbates concerns about AIPAC’s incident response capabilities and data protection protocols.

AIPAC, a prominent U.S.-based political organization focused on U.S.-Israel relations, suffered a data breach via an external third-party system compromise. Unauthorized access to its files occurred from October 20, 2024, to February 6, 2025 (4 months), but was only detected on August 28, 2025. The breach exposed personally identifiable information (PII) of 810 individuals, including names and other identifiers (potentially Social Security Numbers, Taxpayer IDs, driver’s licenses, passports, addresses, contact details, email addresses, payment card data, and banking information). While no evidence of misuse or data leaks on hacker forums has been reported, the breach involved criminal cyberattack methods. AIPAC responded by notifying affected individuals (starting November 13, 2025), offering 12 months of identity protection services (IDX), and implementing enhanced security measures (posture controls, DLP, access restrictions, monitoring, etc.). No group claimed responsibility, and the motive remains unclear.