Security experts say the exposure of the personal details of 15,000 people registered with the National Childbirth Trust (NCT) shows that all digital data needs to be protected.
The UK-based charity, which provides information and support in pregnancy, childbirth and early parenthood, has informed all those affected and urged them to change their passwords.
Police are investigating the breach and the Information Commissioner’s Office – the UK’s privacy watchdog – has been informed, reports the BBC.
According to the NCT, only the email addresses, user names and encrypted passwords of 15,085 people were compromised, and no other personal or financial data was exposed.
In the email to those affected by the breach, chief executive officer Nick Wilkie said: “While your password is encrypted, as a precaution I would advise you to change any password as soon as possible for other accounts or registrations that use these details.”
Cyber criminals routinely test stolen credentials on a range of online services to access accounts where the same credentials have been used.
Security experts are also advising those affected by the breach to change their passwords on any other website where they reused the compromised credentials.
“The fact that cyber criminals are targeting childcare charities is a reminder that all digital information is a potential target and why organisations should make every effort to secure all internal systems and protect customer data as a priority.”
Paul Farrington, senior solution architect at Veracode, said charities and healthcare organisations are seen as a soft target because of the sensitivity of the data they hold and their perceived ability to protect information assets.
“We have seen a number of high-profile hospitals recently held to ransom with malware in the US, underlining that every sector needs to take cyber security seriously,” he said.
This latest compromise of credentials again emphasises the problem of relying on passwords as the single form of access control, said James Romer, chief security architect at SecureAuth.
“Passwords alone are simply not strong enough, nor adequate to protect vital applications and data,” he said. “If organisations haven’t yet learnt this from the many data breaches in the past year, then this latest breach should be a hefty reminder that businesses need to stop deploying such a minimal approach to authentication and take note that if they have something valuable, they are at risk from attacks.”
Romer said organisations should strengthen their defences against cyber adversaries by layering multiple authentication methods, such as device recognition, analysis of the physical location of the user, or even by using behavioural biometrics to continually verify the true identity of the end-user.
“Individuals affected by this notification and those looking to improve their personal cyber security posture should be both vigilant and proactive about protecting their identities,” he said. “This includes steering clear of password reuse across multiple sites and adopting a password manager to allow for extremely complex passwords.”