Direct answer
Moody Bible Institute ShinyHunters 2.3 million donor supporter data July 2026: what CRM buyers should take from it
The Register reported on July 6, 2026 that data on more than 2.3 million people associated with Moody Bible Institute was exposed online after a ShinyHunters incident. Have I Been Pwned also lists the breach and says the exposed information included names, physical addresses, phone numbers, dates of birth, and other donor, supporter, student, and alumni data. Support-ops buyers should treat the story as a donor support data recovery test.
Published 7/7/2026. News event: 7/6/2026.
What happened
- The Register reported that more than 2.3 million people associated with Moody Bible Institute had data exposed online after the institution was targeted by ShinyHunters.
- The reported data categories included names, genders, dates of birth, physical and email addresses, phone numbers, and marital statuses.
- The Register said the cache included donor relations, supporter, student, and alumni documents, which makes the incident directly relevant to CRM and support workflows.
- Moody's own data-investigation notice said it engaged cybersecurity experts to investigate claims from cyber criminals involving internal systems and data.
- Have I Been Pwned listed the breach and described more than 2.3 million unique email addresses plus related personal data later published publicly.
Why this is trending
- The story turns a breach into a support operations problem: exposed donors, supporters, students, and alumni may need identity guidance, records answers, and fraud-monitoring help.
- ShinyHunters activity has been widely covered across recent data-theft campaigns, so a new named incident quickly travels beyond one institution.
- The data categories are practical and sensitive, including contact details and dates of birth, which can fuel targeted phishing, account recovery abuse, and social engineering.
The CRM Costs take
A nonprofit, education, CRM, or support buyer should not respond to a donor-data incident with only a legal notice and a security statement. The buyer needs a donor support data recovery packet: which records were exposed, which systems held them, which agents can discuss them, which scripts explain credit freezes or fraud alerts, which escalations go to security or legal, and which evidence proves affected people received accurate help.
Donor Support Data Recovery Packet
A buyer framework for auditing donor, supporter, student, alumni, CRM, and helpdesk workflows across record inventory, access scope, notification scripts, fraud guidance, escalation, and recovery evidence.
Build a record matrix with source system, data category, relationship type, owner, retention rule, and approved talking points.
Review groups, stale accounts, export rights, case views, donor notes, temporary permissions, and access-removal dates.
Publish legal-approved scripts, FAQ variants, identity-verification steps, escalation triggers, and status-update language.
Add fraud guidance, credit-freeze references, phishing warning language, account-security checks, and repeat-contact routing.
Track case tags, notification batches, call outcomes, unresolved questions, escalations, callback completion, and daily recovery metrics.
What buyers should do next
Buyer FAQs
What data was reportedly exposed in the Moody Bible Institute incident?
The Register and Have I Been Pwned reported exposure of names, physical and email addresses, phone numbers, dates of birth, and other information tied to donors, supporters, students, and alumni. Buyers should rely on official notices for final affected-person scope.
Why does this matter to CRM and support operations teams?
A breach response quickly becomes a support workflow. People need accurate answers, identity guidance, escalation, status updates, and recovery evidence, while agents need access limits and approved scripts.
What should support buyers ask vendors or outsourced teams for?
Ask for record inventory, access review, legal-approved scripts, fraud guidance, escalation rules, callback ownership, case tags, reporting, and proof that broad incident-response permissions are removed after the response window.