There was a data breach of the pi-hole donation mailing list. The leak itself does not seem to be a huge deal but it is an interesting read as the pihole team is extremely transparent. GiveWP looks terrible though…
The extent of the data available was:
What ever name/names you typed in the fields
The email address you used.
That’s it. We don’t have access to or store any credit card numbers or verified names or addresses or phone numbers. Any PII is maintained directly by the card processors, Stripe or PayPal. We make it clear in the donation form that we don’t require a valid name or email address, it’s purely for users to see and manage their donations.
Donation history requires an email sent with a one time access URL, you can’t access any of that with just an email address alone.
So, yeah, this sucks and yes, this isn’t what I’d like to have happened. But this is also why we do not ask for and do not collect any PII, I’m of the belief that anything you put out on the internet is going to be seen at some point in time. So instead of trying to protect information, we just don’t collect it.