All Pi-hole donors’ names and emails compromised, and possibly other sites that use the GiveWP plug-in: Compromised Donor Emails: A post-mortem – Pi-hole
That happened in July 2025. I have not received any notice from Pi-hole about this; I just found out accidentally by searching my email address at Have I Been Pwned
Good time to check all your email addresses: https://haveibeenpwned.com/
Well that sucks. I apparently used my normal email address when I donated rather than a temporary throw away address. I suppose it doesn’t really matter as that address had already been exposed previously, but still disappointing. And the response from GiveWP was pretty disappointing as well.
Just to compound the suckery, HIBP was itself pwned e.g. Creator of HaveIBeenPwned Data Breach Site Falls for Phishing Email (but note carefully the scope of the breach - not as diabolical as it could be)
When even security professionals are getting caught … 
Always and everywhere this.
Yes, I read about that. Lol!