AIPAC data breach exposed personal information of 810 individuals after months of unauthorized access

The American Israel Public Affairs Committee (AIPAC), a Washington-based nonprofit that advocated for pro-Israel policies in the United States, disclosed a data breach that exposed personally identifiable information belonging to 810 individuals. The organization identified the incident on or around August 28, 2025, and began notifying affected people on November 13, 2025.

Investigators found that attackers accessed information stored on AIPAC’s systems over an extended period, beginning on October 20, 2024, and ending on February 6, 2025. The intruders exfiltrated data containing personal identifiers, payment card details, and banking information. The specific types of personal identifiers were not enumerated but could have included names, contact details, copies of identification documents, and other sensitive records. There were no indications that the compromised information had been misused.

AIPAC undertook a lengthy review of the files involved to determine whether they contained personal data and to identify the individuals affected. The organization stated that the breach response required significant time and resources to assess the scope of exposure. One resident of Maine was included in the total number of impacted individuals.

The organization provided complimentary credit monitoring, identity protection, and identity theft recovery services for twelve months through a third-party vendor. The support package also included insurance coverage for potential fraud-related losses. No ransomware group claimed responsibility for the breach.

AIPAC, founded in 1954, is one of the most influential foreign policy advocacy groups in the United States and focused on strengthening U.S.–Israel relations. The compromise of personal information tied to its members and donors underscored the persistent cybersecurity risks facing political advocacy organizations.