Big Brothers Big Sisters of America — 2026 NightSpire Ransomware Attack Exposes Children's Records and Background Check Data at Big Brothers Big Sisters
Big Brothers Big Sisters of America2026 NightSpire Ransomware Attack Exposes Children's Records and Background Check Data at Big Brothers Big SistersUpdated 2026-03-31 00:37 UTC
Big Brothers Big Sisters of America is the nation's largest youth mentoring nonprofit founded in 1904 serving children aged 6 to 18 through one-on-one mentoring relationships with adult volunteers. The organization operates across hundreds of agencies nationwide and conducts extensive background checks on all adult volunteers to protect child safety. The NightSpire ransomware group attacked Big Brothers Big Sisters around March 5 2026 and exfiltrated approximately 20GB of sensitive data including student lists, background check records on volunteers, and internal documents. Six credentials were compromised including employees and third party vendors. The organization works directly with vulnerable children making the exposure of background check records and student lists particularly serious.
Initial Access
Credential Compromise
confirmed
NightSpire gained unauthorized access to Big Brothers Big Sisters systems through compromised credentials belonging to employees and third party vendors. Six total credentials were compromised including two internal employees, four users, and two third party vendor accounts giving attackers legitimate looking access to internal systems.
Defender cut points
Enforce phishing resistant MFA on all employee and third party vendor accounts immediatelyImplement privileged access management to restrict what compromised credentials can accessConduct regular credential audits and immediately revoke unused third party vendor access
