The exposed information included donor names, addresses, payment methods, and even sensitive data about children associated with the organizations, posing a potential risk for phishing attacks and fraudulent donation requests.