Resolved - Give Lively confirmation emails sent to donors for charges not made through our platform

Incident Report for Give Lively

Postmortem

As described in yesterday's status page incident report, during the day on August 7, 2025, our system synced charges that were not made through Give Lively. These charges were pulled from your connected Stripe account. This triggered Give Lively confirmation emails to people who had not given via our platform.

To alleviate any concerns:

  • We did not charge anyone who mistakenly received a confirmation email from us. These confirmation emails were due to a systems error only, not a financial one.
  • We have already sent notice to everyone who mistakenly received an email to disregard that email.
  • There was no data breach or loss. Donor data and your data remain fully secure.
  • We found and stopped the cause of the data sync yesterday afternoon. We are working diligently to ensure it does not happen again.
  • There is no immediate action required on your part to correct any data; our engineers are looking into that.

Here's a comprehensive breakdown:

Your supporters were not charged by Give Lively

  • The data we synced from Stripe changed our reports. These changes triggered our automated payment confirmation emails, but not actual payments.
  • No one who mistakenly received an email from us was charged through Give Lively. They were not double-charged for their original payment and they are not registered for recurring payments.
  • We encourage anyone who seeks reassurance to check their bank or credit card statements.

We have sent notice to your supporters

  • At approximately 6 pm EDT on August 7, once we had a list of everyone who mistakenly received an email, we sent a follow-up notice to them.
  • We apologized for the error and advised them to disregard our earlier email. We also let them know that they were not charged by Give Lively and that their data is not at risk.

This was not a data breach

  • Yesterday’s occurrence did not involve any data breaches or loss. It was a systems error only.
  • When you connected your Stripe account to our platform, you granted access through Stripe’s secure Connect OAuth process. As Stripe explains: “Data you create for an account (for example, charges, customers, invoices, and so on) will be visible on their Stripe account. It also means that if they connect other platforms, those platforms can access this data too.” (Reference: Stripe – Using OAuth with Standard accounts)
  • This was a data intake error. The data we unintentionally synced was still accessible under your granted permissions. It is not in our regular practice to sync such data.
  • The data that was unintentionally taken in is being purged from our system as part of the clean-up process for this incident. [As of 10:30 am EDT, August 13, the data purge is complete.]

All data is secure

  • The data remained secure and was never shared with unauthorized parties. We never sell, rent or lease personal or business details to any third parties. Never.
  • Give Lively never directly sees or stores any donor payment information. These details are captured by and stored securely in Stripe without passing through our servers.
  • We never charge a card, digital wallet or bank account without authorization.

This was an unfortunate one-time occurrence

  • Due to a code update in our nightly sync with Stripe, we captured missing charges as usual, but also some charges that were not made via our platform.
  • That code update has been reviewed and repaired. Last night, it worked as intended.
  • Additionally, to ensure against future data issues, our engineers are building extra protections that wall off data in Stripe for charges that were not made via our platform.

Our engineers are restoring as much data as possible

  • You do not need to take any action with your donation data in Give Lively and Stripe. We know precisely what was impacted and our engineers are taking measures to automatically adjust it in Give Lively reports, as well as Give Lively data within Stripe. [As of 10:30 am EDT, August 13, the data cleanup is complete for all connected Stripe accounts.]
  • If you use our Salesforce integration and your data has been impacted, we will send additional information about how to correct it.

Give Lively is dedicated to helping the nonprofit community. Our platform is designed to save you funds and time as you raise money and manage your data. It's our reason for existing.

We are very sorry about the alarm this has caused and are committed to resetting the data and working with you to allay any worries.

Posted Aug 08, 2025 - 20:51 EDT

Resolved

From early on August 7th, 2025, until approximately 3 pm EDT, our system synced charges (from connected Stripe accounts) that were not made through Give Lively. This triggered Give Lively confirmation emails to donors who had not given via our platform.

Importantly, the confirmation emails were purely a systems error, not a financial one. Donors who received unexpected emails from Give Lively were not charged in any way.

However, Stripe also registered some erroneous information, which is appearing in Stripe data as if additional charges were made. This is only showing in data, but is not a reflection of real charges.

As we speak, our engineers are collating all data affected by this occurrence. Once this is in hand, they will correct all anomalous data, both in Give Lively and Stripe reports.

They will also investigate what happened and take immediate steps to ensure that it does not happen again.

We will share more information once we have more details, both here and in direct communication with impacted nonprofits.

Thank you for your patience and understanding.

To receive future notifications by email or Slack whenever Give Lively creates, updates or resolves an incident, click “Subscribe to Updates” on https://status.givelively.org.
Posted Aug 07, 2025 - 17:17 EDT
This incident affected: Give Lively (Stripe services).
Current Status Powered by Atlassian Statuspage