
Audio By Carbonatix
Bank account information and users' passwords are among details feared stolen by hackers in a security breach at a service used to raise donations from millions of people.
Many UK universities and charities, as well as hundreds of other organisations worldwide, use the software involved.
Its developer Blackbaud made the admission in a regulatory filing.
The firm previously said the theft had been limited to other personal data - but not payment details.
It added it was contacting affected clients. They, in turn, will need to send follow-up alerts to at least some of the donors they had already contacted about the incident.
"We have informed the small subset of Blackbaud customers who were part of this development," the company told the BBC.
"We apologise that this happened and will continue to do our very best to supply help and support as we and our customers jointly navigate this cyber-crime incident."
The BBC has learned that some of the organisations believed to have been impacted by the latest development include:
- the University of Birmingham
- the National Trust
"We are aware that some financial data may have been accessed as a result of the data breach and are working with Blackbaud to determine if this affects us," said a spokesman for the National Trust.

Millions of people worldwide have been warned they could have been affected in the original alerts sent out about the attack over recent months.
A spokeswoman for the Information Commissioner's Office told the BBC: "Our investigation is ongoing and we will be making further enquiries regarding the latest developments."
The ICO said it knew of 166 UK organisations that had been affected by the security breach.
They include dozens of universities as well as health-related charities, schools and trusts set up to care for historic buildings.
International clients who were affected also included hospitals, human rights organisations, non-profit radio stations and food banks.
'Not acceptable'
South Carolina-based Blackbaud said the new findings did not apply to all clients affected by the hack, but acknowledged that, in some cases, the payment information involved had not been digitally scrambled, as might have been expected.
"Further forensic investigation found that for some of the notified customers, the cyber-criminal may have accessed some unencrypted fields intended for bank account information, social security numbers, user names and/or passwords," its filing said.

"In most cases, fields intended for sensitive information were encrypted and not accessible."
An updated security notice on the firm's site added that the firm did not believe credit card details had been exposed.
One cyber-security expert said it was essential that affected donors be told as soon as possible.
"It's simply not acceptable to store financial data, and passwords, in an unencrypted form," said Prof Alan Woodward from the University of Surrey.
"This latest revelation means that whereas their customers relied upon their initial statements to reassure people that banking information was not affected, that has now to be potentially reversed."
Legal claims
The hack occurred in May and was first disclosed to the public in July.
At the time, Blackbaud said it had paid the attackers a ransom and believed the thieves had subsequently destroyed the stolen data.
Paying a ransom in such circumstances is not illegal, but goes against the advice of numerous law enforcement agencies, including the FBI, NCA and Europol.
A banking security news site reported last week that Blackbaud faces at least 10 lawsuits in the US over the matter.
Latest Stories
-
Ex-G4S guard jailed in UK over £117,200 bank fraud after four-year stay in Ghana
20 minutes -
‘Stop the propaganda and release GARID funds to save lives’ – Oppong Nkrumah to gov’t
25 minutes -
Supreme Court at 150: Prof. Bondzi-Simpson traces evolution of Ghana’s judiciary from colonial era to constitutional democracy
1 hour -
Gov’t has spent more on flood control under GARID in 2 years than NPP did in 5 – Atta Issah
1 hour -
Prof. Bondzi-Simpson calls for deeper reflection on 150 years of Ghana’s judicial evolution
1 hour -
MUSIGA sympathises with flood victims, urges Ghanaians to stay safe
1 hour -
AMA declares one-month free refuse collection exercise in Accra
2 hours -
Mahama swears in Dr Pamela Graham as Ghana’s first female Auditor-General
2 hours -
Government launches dedicated GETFund support for learners with special educational needs
2 hours -
Dangerous US heatwave looms over 4 July holiday, World Cup and Swift wedding
2 hours -
Ghana Armed Forces to brief nation on nationwide flood mitigation exercise
2 hours -
Police arrest 24 in major anti-crime swoop in Ashanti Region
3 hours -
Youth Model Parliament by GYEA unveils 2026 nominees
3 hours -
Ghana National Council of Metropolitan Chicago launches GhanaFest® 2026 with historic first-ever Ghana flag-raising ceremony
3 hours -
Public health officers push for face masks and handwashing amid post-flood risks
3 hours