Special Olympics of New York, a nonprofit organization that provides sports training and competition to more than 67,000 children and adults with intellectual disabilities, had its email server hacked and later used to launch a phishing campaign against previous donors. The malicious email was camouflaged as an alert of an impending transaction that purported to automatically debit almost two million dollars within two hours. The phishing email used a Constant Contact email marketing tracking URL that redirected the victim to the attackers’ landing page in an effort to steal donors’ credit card information.  In a statement released by the Special Olympics of New York, they apologized for the incident and stated that no financial data was affected. The malicious emails have stopped, and the attacker’s website has been taken down. In a related incident, the Tokyo 2020 Summer Olympics issued a statement that they have also been the victim of malicious emails that direct donors to attackers’ webpages.