Hypoparathyroidism charity HPTH UK avoided a big fine from the Information Commissioner thanks to quick thinking from security consultancy Secarma.
The charity experienced a SQL Injection attack on a Linux server, which resulted in the personal details of more than 1,000 sufferers of the life-threatening illness, stored by HPTH UK, being published on infamous hacker website PasteBin.
One of Secarma's experts saw the data dump on PasteBin, alerted the charity and worked with web developers to identify the vulnerability. Secarma also removed the data from PasteBin and all Google searches related to it and contacted the police.
Liz Glenister, CEO of HPTH UK, said: “We feel that the recent decision from the ICO not to take action is down to Secarma's early intervention and willingness to share their knowledge so freely, for which we shall be ever grateful.”
Secarma found a vulnerability within the forum software that the charity was using. The vulnerability was patched and the forum software was updated. Secarma also ran a penetration test to ensure the security holes were fixed.
Lawrence Jones, CEO of Secarma’s parent company UKFast, said: “Hackers are unscrupulous, and if they can steal your data, they will. It doesn’t have to cost a lot of money or take a lot of time; simple measures like strong passwords and regular testing can ensure that you won’t be easy pickings for hackers, nor fall foul of the ICO and the Data Protection Act.”