The homeland of hacking in wartime Britain, Bletchley Park, was one of the victims of a major ransomware attack that hit software vendor Blackbaud.
The company held data on people they had donated to the trust that runs the Bletchley Park museum.
Harvard University also joined the growing roster of victims, which were mostly charities and universities.
Bletchley Park Trust said they were confident that all exposed data was safe.
The trust added that data exposed to hackers could include names, dates of birth, email addresses, donation history, and event attendance details, but not credit and debit card details or bank account information.
During World War II, personnel from the then secret code cracking site near Milton Keynes were responsible for decrypting messages sent by the German army.
The villa and the park are now a museum open to the public.
Blackbaud, headquartered in the United States, is a leading provider of fundraising and financial management software to clients around the world.
In July, he revealed he was the victim of a ransomware attack in May. The company decided to pay an undisclosed sum to the attackers who then promised to destroy the stolen data and return control of Blackbaud's systems.
Many organizations have yet to publicly disclose that they were affected by the Blackbaud incident, which means that individual cases are only gradually coming to light.
The UK Information Commissioner's Office has so far received 166 cases as part of the ongoing investigation into the incident.
The Charity Commission, which regulates charities in England and Wales, said it had received 91 reports of serious incidents. And the OSCR, the Scottish Charity Regulator, said six charities have raised a "notifiable event" about the Blackbaud violation.
Donkey Sanctuary in Devon confirmed to the BBC that they were among the victims.
"Blackbaud has informed us that, to the best of their knowledge, all details accessed have been destroyed and there is currently no evidence that the data is being used," a spokesperson said.
The BBC had previously confirmed that more than two dozen charities and universities in the UK, US and Canada were affected by the breach.
In recent days, other additional victims have emerged:
- Hope House Children's Hospitals (UK)
- The Florida Aquarium (USA)
- University of Utrecht and TU Delft (Netherlands)
The fact that Bletchley Park, the home of wartime hacking in Britain, has been linked to the Blackbaud breach is "a bit ironic," said cybersecurity expert Steven Murdoch at University College of London. London.
However, he stressed that the trust that now runs the museum and park would not have the resources of a government-run intelligence agency at its disposal.
Dr. Murdoch added that it was understandable that Blackbaud had decided to pay a ransom to the cybercriminals, as the company wanted to appease its attackers as they potentially had the power to release huge amounts of sensitive data on the web.
This means that the old tactic of refusing to pay and relying on backups may not work properly when organizations can be threatened by the publication of private information stolen from their servers.
"I think the criminals have changed their strategy," said Dr. Murdoch.
