Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Breach
2023
British charities warn supporters their personal data has been breached

British charities warn supporters their personal data has been breached

Table of Contents

Incident Details

Several charities in the UK, such as Shelter, the RSPCA, the Dogs Trust, Battersea Dogs and Cats Home, and Friends of the Earth, have alerted their donors about a data breach caused by hackers who targeted a supplier. It's important to note that the charities' systems have not been compromised; instead, the issue stems from external parties assisting the charities in collecting data from their supporters through surveys.

Incident

How Did the Breach Happen?

A security incident occurred on an external web server managed by Kokoro, a contractor employed by the survey company About Loyalty, leading to unauthorized access. As a result of this breach, personal information including last names, residential addresses, email addresses, and details of previous donations were compromised.

What Data has been Compromised?

The data breach involved the last names of donors, their residential addresses, email contacts, and records of previous contributions. Thankfully, critical data like passwords and financial information was not exposed.

Why Did the company's Security Measures Fail?

A breach happened because of a security oversight in the external web server operated by Kokoro, a company employed by the survey firm About Loyalty. It seems that the vendor lacked adequate security protocols to avert the breach.

What Immediate Impact Did the Breach Have on the company?

The breach resulted in the unauthorized access to personal data of donors supporting the impacted organizations. Subsequently, the organizations have communicated with their supporters through email to notify them about the security breach.

How could this have been prevented?

Stronger security measures could have stopped this breach if Kokoro, the supplier, had applied them to their external web server. By conducting routine security audits and implementing rigorous data protection protocols, the likelihood of this breach occurring could have been reduced.

What have we learned from this data breach?

The significant lesson obtained from this breach is the necessity of conducting detailed evaluations of third-party vendors and suppliers to verify the presence of sufficient security protocols. Additionally, it underscores the importance for companies to consistently assess and enhance their internal security procedures.

Summary of Coverage

A cyber attack occurred on a third-party web server managed by Kokoro, a service provider engaged by the research company About Loyalty. This incident led to the unauthorized access to personal data belonging to donors supporting multiple charitable organizations in the UK. The impacted charities have informed their donors about the breach and have implemented measures to reduce any possible threats.

Is your System Free of Underlying Vulnerabilities?
Find Out Now