Quick thinking security consultant Secarma saves charity data loss

Hypoparathyroidism charity HPTH UK avoided a big fine from the information commissioner thanks to quick thinking from Secarma

Hypoparathyroidism charity HPTH UK avoided a big fine from the information commissioner thanks to quick thinking from security consultant Secarma.

The charity experienced a SQL Injection attack on a Linux server, which resulted in the personal details of more than 1,000 sufferers of the life-threatening illness, stored by HPTH UK, being published on infamous hacker website PasteBin.

One of Secarma's experts saw the data dump on PasteBin, alerted the charity and worked with web developers to identify the vulnerability. Secarma also removed the data from PasteBin and all Google searches related to it and contacted the police.

Liz Glenister, CEO of HPTH UK: “We feel that the recent decision from ICO not to take action is down to Secarma's early intervention and willingness to share their knowledge so freely for which we shall be ever grateful.”

Secarma found a vulnerability within the forum software that the charity was using. The vulnerability was patched and the forum software was updated. Secarma also ran a penetration test to ensure the security holes were fixed.

Lawrence Jones, CEO of Secarma’s parent company UKFast, said: “Hackers are unscrupulous and if they can steal your data, they will. It doesn’t have to cost a lot of money or take a lot of time, simple measures like strong passwords and regular testing can ensure that you won’t be easy pickings for hackers, nor fall foul of the ICO and the Data Protection Act.”
