Leading UK charities – including the RSPCA, Dogs Trust, Battersea Dogs & Cats Home and Friends of the Earth – have been caught up in a major cyber attack on a third-party supplier, putting hundreds of thousands of supporters at risk.
Surrey-based company About Loyalty, which carries out supporter surveys for more than 40 charities , said the hackers accessed personal information via a sub-contractor called Kokoro that handles data on its behalf.
Although the stolen data might not seem too attractive – namely the victims’ surname, part of their home address, email address and the amount they donated – the affected charities have now started emailing victims to warn them of the breach.
While no financial data has been taken, the information that has been lost could be used by scammers to send out fake emails that have been mocked up to look like legitimate fundraising appeals.
The total number affected is currently unknown but it is likely to be many hundreds of thousands.
Friends Of The Earth said data from 93,000 of its supporters had been breached. Director Hugh Knowles said the charity is taking this incident very seriously.
A Battersea Dogs & Cats Home spokesman said: “We have contacted those who may have been affected to offer support and advice.” Meanwhile, the RSPCA, which has 500,000 supporters, sent out emails last week regarding the hack.
The Information Commissioner’s Office confirmed it is investigating the breach.
A Kokoro spokesman said: “We are confident the incident has now been contained and there is no ongoing risk to our systems. We have notified those whose data has been impacted.”
Revealed: Data breaches which will get the ICO calling
TikTok whacked with £12.7m fine for UK privacy failings
No mercy: £4.4m ICO fine fuels cyber security warning
Major brands warned over extortion after global attack
ICO inundated with reports over Capita data breach
KFC owner warns customers over potential data theft