Top stars are among hundreds of thousands of donors targeted in huge cyber attack on charities including the RSPCA and Battersea Dogs And Cats Home
- Hackers attacked a survey company which works with more than 40 charities
- Stolen data includes victims’ surnames, home address, emails and donation
Hundreds of thousands of people who donated to some of Britain’s most high-profile charities have had personal data stolen in a massive cyber attack.
Hackers hit a survey company that works with more than 40 charities – including the RSPCA, Dogs Trust and Battersea Dogs And Cats Home – early last month, but the breach has only just come to light.
The stolen data includes the victims’ surname, part of their home address, email address and the amount they donated.
Some of the charities have now started emailing victims to warn them of the breach, and while no financial data has been taken the information that has been lost could be used by scammers to send out fake emails that have been mocked up to look like legitimate fundraising appeals.
There are also concerns that the data breach may include details of high-profile and celebrity charity backers such as Sir Elton John, who is an ambassador for Battersea Dogs And Cats Home, Alan Carr, who supports Dogs Trust, and Sir Brian May, who supports the RSPCA. Other charities impacted include Shelter and Friends Of The Earth.
Hackers hit a survey company that works with more than 40 charities – including the RSPCA, Dogs Trust and Battersea Dogs And Cats Home – early last month. Pictured: The late Paul O’Grady who visited Battersea Dogs and Cats Home on his show For The Love of Dogs
There are also concerns that the data breach may include details of high-profile and celebrity charity backers such as Sir Elton John (pictured), who is an ambassador for Battersea Dogs And Cats Home
The unknown hackers targeted Surrey-based company About Loyalty on August 9. The firm, which carries out surveys of the charities’ supporters, said the hackers accessed the personal information via a sub-contractor called Kokoro that handles data on its behalf.
Celeb backers who may have been hit
The hack has hit Battersea Dogs And Cats Home, which saw a surge in supporters after the death of Paul O’Grady in March.
Comedian O’Grady filmed the popular ITV show For The Love Of Dogs at the charity in South-West London for ten seasons. Since his death, the home has raised £300,000 through a tribute fund.
Queen Camilla, patron of the charity, joined O’Grady on the show after she adopted two dogs from the home.
The RSPCA, which has also been a victim of the breach, has 500,000 supporters and ambassadors including Sir Brian May, Chris Packham and Steve Backshall.
Another charity which was hacked, Dogs Trust, works closely with celebrities such as Alan Carr, Eamonn and Ruth Holmes, and former Great British Bake Off host Mel Giedroyc.
Holly Willoughby has also been linked to the breach as she supports the Cats Protection League.
The total number affected is currently unknown but it is likely to be many hundreds of thousands.
Friends Of The Earth said data from 93,000 of its supporters had been breached. Director Hugh Knowles said the charity is ‘taking this incident very seriously’.
A Battersea Dogs And Cats Home spokesman said: ‘We have contacted those who may have been affected to offer support and advice.’
The RSPCA, which has 500,000 supporters, sent out emails last week regarding the hack. It said: ‘The information was restricted to surname, email address, first part of postcode… and information about previous donations, such as dates and amounts.’
One supporter of the charity said: ‘If the security breach happened six weeks ago, how come it has taken so long for them to tell us? Who knows what the hackers could have been up to in that time?’
Philip Ingram, a former British military intelligence colonel, told The Mail on Sunday: ‘For the organisations that are affected in this breach, it is obviously very damaging to their reputations and may well impact on people’s willingness to donate to their campaigns in the future.
‘There is now a risk to the people whose data has been exposed of being targeted in follow-up ‘spear-phishing’ campaigns [personalised attacks, typically carried out via email].
‘It is worrying that, if the attack happened over a month ago, it has taken this long to inform the supporters. Some of these spear-phishing attempts may have already been carried out.’
The Information Commissioner’s Office (ICO) confirmed it is investigating the breach.
The watchdog has the power to issue fines of up to £17.5 million or four per cent of a company’s annual turnover to those that fail to keep people’s data safe.
A Kokoro spokesman said: ‘We are confident the incident has now been contained and there is no ongoing risk to our systems. We have notified those whose data has been impacted.’
Source: Read Full Article
