AIPAC (American Israel Public Affairs Committee) has announced a data breach linked to an external system breach that involved an unknown third-party company. The disclosure appeared in a notification submitted to the Maine attorney general’s office on November 14 2025.
4 Months of Access
The filing states that the data breach was identified on August 28, 2025, when files stored on AIPAC systems were accessed without authorisation from October 20 2024, to February 6 2025. The review of those files showed that names, along with other personal identifiers, were taken.
A total of 810 people were affected, including one resident of Maine. Although AIPAC did not specify which data types were present in the personal identifiers, it is important to note that such identifiers, also known as PII, can cover Social Security Number or Taxpayer ID Number, driver license number, state ID number, passport number, home address, contact details, email address, payment card data and banking information.
“We are writing to notify you that American Israel Public Affairs Committee (“AIPAC” or the “Organization”) was the subject of a criminal cyberattack (the “Incident”) “Through its extensive investigation, AIPAC determined that the Incident resulted in unauthorized access to certain files stored on its information systems. The Organization then undertook the time- and resource-intensive steps of determining whether those files contained personally identifiable information (“PII”) and to identify the data subjects to whom that PII related.”
Snippet from AIPAC Notification
AIPAC began notifying those affected on November 13, 2025, through email. The notice sent to individuals reports that the group has not found signs of misuse. It is worth noting that no group has claimed responsibility for the hack, and no AIPAC-linked data has appeared on hacker forums so far.
The organisation says it is providing identity protection through IDX for twelve months. The package includes credit and CyberScan monitoring, an insurance reimbursement policy and identity recovery support.
AIPAC states that it has added new security controls after the incident, including posture controls, non-human identity controls, email data loss prevention, Microsoft 365 access controls, privilege alerts, geolocation restrictions, audit functions and increased monitoring.
What is AIPAC?
AIPAC is a United States-based political organisation that works to influence policy related to Israel. It focuses on building support in Congress and guiding lawmakers on issues linked to US-Israel relations.
The organisation also raises funds, builds networks and pushes for legislation that aligns with its policy goals. It is one of the most active groups in Washington and often engages with elected officials, staff and donors to advance its agenda.