RNIB Breach May Have Hit Hundreds — Report
Police have launched an investigation after scores of people reported fraud attempts following a breach of the Royal National Institute for the Blind (RNIB) web store, according to reports.
Card payment details were stolen from visitors to the site, which sells everything from big print stationery to eyeshields, lighting and canes.
As many as 817 shoppers may have been affected by the breach, according to the Daily Telegraph.
Some 55 people have already reported fraudulent activity of “ranging amounts” as a result of the incident, the report continued.
It claimed that the charity, which supports millions of blind and partially sighted Brits, was informed of the incident on 24 November but took three days to remediate the incident.
Andre Stewart, EMEA VP at Netskope, said organizations will need to move fast when the EU General Data Protection Regulation (GDPR) lands in May 2018.
“To comply with the regulation, businesses will need to demonstrate taking active steps to boost security and protect customers’ data privacy — as well as being prepared to react quickly if systems are compromised. With more and more data now stored off-premises, this due diligence will extend to securing corporate data wherever it may be, including the cloud,” he argued.
“Remaining vigilant to unusual user behavior, taking active measures to secure data and being ready to respond rapidly when targeted will be key to protecting the business’ reputation, customer data and, above all, their privacy.”
A government report back in August highlighted that charities may be susceptible to cyber-attacks as many lack the resources to deal with them and/or are unaware of the size and seriousness of the threat.
It concluded with the following:
“There is a need for basic awareness raising among staff and trustees, and upskilling of those responsible for cybersecurity — so they know the basic technical controls they can put in place. It may also help to disseminate government information and support via the organizations with which charities already have established relationships, such as the Charity Commission. Finally, making use of private sector expertise among trustees may also help individuals within charities to champion the issue.”
Source: Information Security Magazine