UK charities including Shelter, the RSPCA, the Dogs Trust, Battersea Dogs and Cats Home, and Friends of the Earth have warned their supporters that hackers have stolen their data following a breach at a supplier.
The charities themselves haven’t been hacked. The problem instead lies with third-parties working with the charities to help them conduct surveys of their supporters.
An external web server run by Kokoro, a company that was working for survey firm About Loyalty, suffered a security breach spilling donator’s surnames, home addresses, email addresses, and information on past donations.
Charities affected, including the RSPCA and Shelter, have contacted their supporters via email, warning them of the threat.
Friends Of The Earth told the Daily Mail that some 93,000 of its supporters had had their data breached.
All fine words, of course, but it’s no guarantee – of course – that they won’t ever suffer a hack.
And you, as a supporter of a particular charity, are probably completely unware that Kokoro exists at all, let alone that it has a copy of your personal information.
Fortunately, the charities had not shared more sensitive information – such as passwords and financial details – which could have potentially put supporters at even greater risk.
Nonetheless, there remains the potential for charity supporters to be targeted by scammers who might use the stolen information to send convincing-looking emails which might ask for more sensitive information, or dupe recipients into clicking on shady links.
It would obvious be a great shame if this security breach shook anyone’s confidence in supporting such worthy charities who – quite frankly – have done nothing wrong other than work with suppliers who appear to have not secured their systems tightly enough.
The incident has been reported to the Information Commissioner’s Office (ICO) and Charity Commission.