In February 2022, hackers breached GiveSendGo and leaked personal information of approximately 90,000–104,000 donors who had contributed $9.6 million to the Canadian Freedom Convoy. Names, emails, ZIP codes, and IP addresses were exposed. The Intercept and other outlets identified Oath Keepers, US public officials, and Ontario police officers among the donor list.
What happened
On February 13–14, 2022, hackers breached the Christian crowdfunding platform GiveSendGo and leaked donor records for the Canadian Freedom Convoy fundraiser. Approximately 90,000 to 104,000 donor records were exposed, covering roughly $9.6 million in contributions. The leaked fields included donor names, email addresses, ZIP and postal codes, donation amounts, and IP addresses. The breach was confirmed by Have I Been Pwned and reported by TechCrunch, Reuters, and The New York Times the same week. The Intercept's February 17 follow-up identified Oath Keepers members, US public officials, and Ontario police officers in the donor list. Several Ontario officers faced internal investigations after their names appeared. The leaked data was indexed and made searchable on multiple websites within days of the breach.
What happened
On February 13 and 14, 2022, hackers breached the Christian crowdfunding platform GiveSendGo. The leaked archive contained donor records for the Canadian Freedom Convoy fundraiser, the convoy that had blocked downtown Ottawa for weeks in early 2022.
Estimates of the donor count vary by source. TechCrunch reported about 90,000 records. Reuters reported around 104,000. The total dollar volume was approximately $9.6 million. Exposed fields included donor names, email addresses, ZIP and postal codes, donation amounts, and IP addresses. Have I Been Pwned confirmed and indexed the breach the same week.
The data was searchable across multiple mirror sites within days.
How it started
GiveSendGo had become the primary fundraising platform for the convoy after GoFundMe pulled the original campaign. Its profile rose fast. Its security posture did not. The breach was a standard web-application compromise that exported the donor table.
Three days later, The Intercept named specific donor categories pulled from the leak. Oath Keepers members. US public officials. Ontario police officers.
Several Ontario officers faced internal investigations after their names surfaced. The Centre for International Governance Innovation's December 2022 retrospective walked through the broader pattern.
Why this case matters
This is the first-party fundraising-platform breach as a doxxing vector. The doxxing ran through a payment platform's customer database, not a people-search broker. Different layer, same outcome, different controls.
For first responders specifically, the leak demonstrated three things. Donating to a politically charged cause is itself an exposure event. The consequences depend heavily on which agency the donor works for. The leaked record is durable, mirrored within days, with no remediation path.
The general pattern is bigger than this one platform. Any platform that processes payments tied to a cause, a candidate, or a movement is a doxxing-adjacent target.
What this means for you
If you're on the job in any sworn capacity and you make political donations, the GiveSendGo breach is the case to read before the next one. Your name, your postal code, and your cause go on a server that was not built with your threat model in mind. When that server gets breached, the disclosure runs through whatever distribution channel the attacker chooses.
The broker-removal work this site does covers the residential-address layer. It does not reach the payment-platform layer. Different surface, different control.
For the residential layer, see /doxxing. For the broader picture of how off-duty exposure compounds with on-duty risk, see /law-enforcement. The Ontario context is outside the US scope of most of our coverage, but the cross-border donor list made every officer who contributed a US case study by proxy.
Editorial rules: Only public, already-reported incidents. Never name a non-public victim. Always end with the prevention takeaway tied to our service. Cite at minimum one public source per claim.
What would have prevented this
The GiveSendGo breach exposed a category of doxxing risk most first responders never think about. Donating to a politically charged cause through a payment platform creates a record. That record sits on a third-party server you do not control. When the platform gets breached, your name, email, postal code, and IP address get linked to the cause publicly. For sworn officers, the consequences range from internal investigations to direct personal-safety threats depending on jurisdiction. Broker removal does not reach this layer. Pseudonymous payment methods, cause-specific donor protections, and a careful read of any platform's breach history are the relevant controls. The general lesson: the broker layer is one exposure surface. Payment platforms covering politically sensitive causes are a separate one.
Public sources
- GiveSendGo, the Christian fundraising site, was hacked, leaking the data of donors who supported the Canadian truckers' protests — TechCrunch, 2022-02-14
- More data on Canada truck convoy donors leaked from website — Reuters, 2022-02-15
- Hacked GiveSendGo Records Reveal Oath Keepers, Cops, and Public Officials Donated to the Freedom Convoy — The Intercept, 2022-02-17
- Hackers Bring Down Site Used to Donate to Trucker Protest — The New York Times, 2022-02-14
- GiveSendGo data breach — Have I Been Pwned, 2022-02-14
- Canada's convoy protest made everyone a doxer — Centre for International Governance Innovation, 2022-12-19