Just two months into the second Trump administration, death threats, doxing, and government subpoenas have become a frightening routine for progressive nonprofits.
Elon Musk posts have triggered waves of online harassment. Federal agencies have demanded confidential client records from nonprofits that serve immigrants. And coordinated cyberattacks have crashed the websites of global human rights groups and nonprofit news sites.
With federal funding already at risk, many nonprofit leaders are warning that the Trump administration and its allies are coming for their data. For months, the new administration’s charged rhetoric against nonprofits has triggered a surge in online harassment campaigns. What’s more, since January 20, federal officials appear to be following the lead of red-state governors in subpoenaing sensitive data from left-leaning nonprofits, in ways that leaders say endanger staff and the people they serve.
As nonprofits work to secure their data, protect their staff, and plan to fight growing legal threats, they say an even bigger risk may be the cumulative chilling effect of such attacks, which have silenced groups and compromised their ability to fulfill their missions.
“This is about fear,” said Sameera Hafiz, policy director at the Immigrant Legal Resource Center, who has seen such attacks play out in Texas — one of the three states where the organization operates — since at least 2017.
“Their legal theories have not been successful,” she said, referring to Texas Attorney General Ken Paxton’s repeated attempts to criminalize nonprofits in the state. She called the Trump administration’s increasingly bold harassment of progressive nonprofits “a bullying tactic” meant to impede organizations’ ability to do their work.
In a recent survey by the Center for Effective Philanthropy, half of nonprofit leaders said they worry about heightened political divisions, and 40 percent had concerns about the safety and well-being of their staff and the communities they serve.
President Donald Trump and his senior adviser Elon Musk have been overtly critical of nonprofits and, in the course of slashing their funding, have also spread falsehoods on social media, accusing them of serious allegations like “human trafficking,” “money laundering,” and “aiding and abetting criminals.”
“A lot of our strategy has been about knowing that we’re doing good work, that we need to keep doing our work, and that it’s really important to fight through the fear,” said Hafiz. Her organization supports lawyers and other advocates for immigrants and in February issued a toolkit to help immigrants facing expedited removals. “They will be successful when we are afraid to do what we’re doing.”
The Online Mob Effect
Threats to nonprofit security — whether the physical safety and mental health of employees or the safekeeping of digital assets — are not new, especially for those working on politically sensitive issues like climate, reproductive and LGBTQ rights, and criminal-justice reform. For decades, abortion providers have operated behind bulletproof glass, racial-justice organizations have endured harassment campaigns, and LGBTQ centers have installed security systems to protect against violent intruders.
What has changed in today’s charged environment, nonprofit leaders say, is the brazenness and coordination of these attacks.
“What we’re seeing now is just an intensification,” said Janis Rosheuvel of the Building Movement Project, which provides trainings for progressive nonprofits and bolstered its own security a few months ago after receiving a hate-speech laden threat on LinkedIn.
“There’s an increase in how people are threatening. They feel really unbound — coming to events, threatening people online, coming to people’s homes. They’re using physical and verbal violence and intimidation to essentially undermine people’s ability to organize and resist,” said Rosheuvel.
When Trump and Musk engage in divisive rhetoric on their respective proprietary social media platforms, accusing organizations of “abetting the border crisis” or trafficking migrants, nonprofit leaders say that online harassment from some of their hundreds of millions of followers often comes next.
Most nonprofits don’t budget for sophisticated security measures until after they’ve been targeted, said Rosheuvel. Even then, resources typically go toward immediate threats rather than comprehensive protection.
“People don’t tend to take their general operating budget and address security concerns,” she said. “What ends up happening is: There is a crisis, and then people are like, ‘How can I engage digital security? How can I reinforce the door on my office building?’”
Collect Less, Risk Less
Increasingly, threats to organizations’ data are coming not just from independent actors seeking money or to harass, but by state and federal government agencies seeking information.
The pattern began most visibly in Texas, where over the past year Attorney General Ken Paxton has aggressively pursued migrant shelters, seeking sensitive information about their clients. Last fall, Paxton subpoenaed Annunciation House, a Catholic nonprofit in El Paso, demanding client records and internal communications as part of what he claimed was an investigation into organizations “aiding and abetting illegal aliens.”
His office has also subpoenaed Seattle Children’s Hospital for records related to gender-affirming care provided to Texas residents, demonstrating a willingness to pursue private data across state lines. Nonprofit leaders say such investigations create a troubling precedent that they argue has emboldened Missouri Attorney General Andrew Bailey, for example, to demand sensitive information from health-care providers like Planned Parenthood, advocacy organizations, and social service nonprofits across the country.
“Everything that is happening right now with the Trump administration — we’ve gotten the preview in Texas already,” said Hafiz, whose organization has been hosting multistate conversations among nonprofits facing “hostile threats from state lawmakers” in places like Texas, Florida, Georgia, Oklahoma, and Iowa. A lot of those state actors — and increasingly, the federal government — are “being Texas copycats to a large degree.”
In recent weeks, FEMA has sent letters to over 30 organizations demanding they surrender personal information about immigrants they served with federal grant money. Recipients describe the requests as unprecedented in scope, asking for data never previously requested under their grant agreements. In recent weeks, federal prosecutors have also subpoenaed resident records from a temporary migrant shelter in New York City
If the government wants to access a nonprofit’s data — such as hospital records or patients’ immigration status — there may be little it can do to stop the request, said Jason Kelley, activism director at the Electronic Frontier Foundation, a digital rights group, but when it comes to protecting your data more broadly, “you can also make it hard on them.”
“If you don’t collect the data, they can’t take it from you,” he said. “Whether you’re scared of cybersecurity issues or you’re worried about government data collection — in both cases, if you don’t have it, then there’s nothing for them to collect.”
Kelley warns that nonprofits must now critically evaluate what data they collect and publish. Although the administration’s use of artificial intelligence could create unprecedented surveillance, moving sensitive information behind login screens or carefully considering terminology can offer some protection.
“They’re likely using keyword analysis and AI to scan nonprofit websites, even those of small grantees,” he said. “It’s not a sophisticated attack requiring hours of investigation — it’s broad strokes.”
The ‘Subpoena Playbook’
Just before the November election, Bartlomiej Skorupa was on a rare family vacation when he began receiving frantic texts from his colleagues at Mobile Pathways, the immigration-assistance nonprofit he co-founded, alerting him to an ongoing cyberattack.
Although the hack ended with minimal damage, Skorupa was disturbed to find that his nonprofit was not alone. Amid escalating anti-immigration rhetoric online, he began connecting with leaders of immigration groups around the country who told him they’d been struggling with heightened attacks. He heard stories of groups who’d been “Zoom-bombed” during legal discussions, their employees doxed, and their data at risk.
Every month, around 200 of those nonprofits now join Skorupa on Zoom to swap stories and advice for meetings on cybersecurity and data safety. Many have expressed concerns about how to confront what they see as an emerging threat to their data: government subpoenas. In recent weeks, the coalition has conferred with pro bono legal experts to develop a “subpoena playbook” for nonprofits responding to government requests for information.
Mid-sized and smaller organizations are especially challenged. Unlike large national organizations with substantial legal resources, these “deer,” as Skorupa calls them, often lack the infrastructure to effectively resist government requests for information.
“The whales — IRC, ACLU, the Bar Association — they have federal contracts. They’re $100-million or billion-dollar organizations. They have legal teams,” Skorupa said, but with federal agencies increasingly following Texas’s blueprint for obtaining sensitive data, “my fear is that the deers are next.”
Working Under Threat
Whether threats come from anonymous online harassers or government officials, the chilling effect is the same for nonprofits, many of which have operated in a shroud of anxiety in recent months.
“Am I going to be targeted by this administration? That’s a real fear,” said Janeen Comenote, executive director of the National Urban Indian Family Coalition, which works with dozens of Indigenous nonprofits that “get funding from all of the people this administration hates.”
Even so, she said, Native Americans ""know how to survive both white supremacy and hostile governments — and right now we have that in one juicy little package.”
Many of the government’s more brazen tactics around data collection — like its funding cuts — are still being litigated.
In the 1950s, several Southern states subpoenaed the NAACP for its membership rolls in a move designed to expose and intimidate civil-rights supporters. The Supreme Court ultimately ruled that such forced disclosures would violate the First Amendment.
The administration’s efforts could meet a similar fate, but that doesn’t mean nonprofits won’t be forced to spend thousands on legal counsel, cybersecurity, and other safety measures in the interim — resources most smaller nonprofits don’t have.
Dollars for Defense
Meanwhile, philanthropic funds dedicated to safeguarding nonprofit data and security are few. The federal government’s Nonprofit Security Grant Program — which last year earmarked over $450 million for cybersecurity, surveillance systems, and other protections for organizations at risk — has an uncertain future under Trump’s funding freeze.
The donor network Solidaire’s Movement Protection Fund, one of few funds dedicated to the issue, has received a threefold increase in requests for security-related assistance since the second Trump term began. Initially focused on emergency physical-security needs, the five-year-old fund now increasingly supports organizations building long-term security infrastructure and legal-defense funds.
“This is what movements were made for. This is what foundations were made for,” said Barni Qaasim, communications director of Solidaire. “This is the moment to mobilize. This is the moment that everybody in the United States needs to be supporting movements, needs to be supporting our civil liberties.”
In Texas, where nonprofits have been weathering these challenges longer than most, leaders say they are beginning to prepare for the long haul.
“Our organizations in the immigrant and refugee space, we’re not going to look the same as an ecosystem four years from now,” said Anne Chandler, executive director of the Texas Immigration Legal Center.
She has seen leaders across Texas forced to relocate their homes after receiving death threats, invest in costly security monitoring systems, and confront a growing litany of legal demands from the state — and, increasingly, the federal government. Amid the mounting threats, she said, her advice remains the same: Prepare, don’t panic.
“Letters are arriving, and we need to have access to that technical legal knowledge to respond accordingly,” she said, but “let’s not overreact. Let’s stay as focused as possible on the work that the organizations are setting out to do.”
