Shostack + Friends Blog Archive

 

"Aid to the Church in Need", 2000 donors to charity, "personal details"

Not sure if the personal details obtained by hackers include CC#s, but names and addresses are certainly involved in this breach at a UK charity. A couple of interesting twists to this one, as reported at Silicon.com. First, the thieves weren’t content with just stealing the info — they used it to extort victims directly:

the hackers have used these details to contact the benefactors directly to try and extract more money

Second, the National Director of the charity makes a trenchant observation:

Apart from the obvious distress to benefactors, we’re concerned that our charity identity has been stolen. However it’s the beneficiaries, those who need the money the most, who will ultimately suffer.

In other words, get breached and your brand gets damaged. Get breached, and your revenue drops. Less money coming in means less aid to the needy going out.

One comment on ""Aid to the Church in Need", 2000 donors to charity, "personal details""

  • Iang says:

    > the hackers have used these details to contact the benefactors directly to try and extract more money
    OK, so this pins them as professionals. In the world of scams, those that donate or invest in scams are repeatedly targetted as they have proved themselves willing in the past, and will probably do it again. The list of victims in a scam is a valuable list because the entries are ‘qaulified leads’ to use sales jargon.

Comments are closed.