The British and Foreign Bible Society has been fined £100,000 by the Information Commissioner’s Office for failing to protect supporters' details
A charity has been fined for failing to protect its supporters’ details from online hackers.
The British and Foreign Bible Society has been issued with a £100,000 fine from the Information Commissioner’s Office (ICO) after falling victim to a cyber attack in 2016.
A probe by the regulator found that credit card and bank account details were kept on systems with insufficient security measures.
An account which was used to manage the information was only secured with an easy-to-guess password. The attackers deployed ransomware, and whilst the society’s data was not permanently damaged or rendered inaccessible by the encryption, the attackers were able to transfer some files out of the network.
The Information Commissioner found that, although the society was the victim of a criminal act, it failed to take appropriate technical and organisational steps to protect its supporters’ personal data.
The ICO’s head of enforcement, Steve Eckersley, said: “The Bible Society failed to protect a significant amount of personal data, and exposed its supporters to possible financial or identity fraud.
“Our investigation determined that it is likely that the religious belief of the 417,000 supporters could be inferred, and the distress this kind of breach can cause cannot be underestimated.
“Cyber-attacks will happen, that’s just a fact, and we fully accept that they are a criminal act. But organisations need to have strong security measures in place to make it as difficult as possible for intruders.”
The ICO said that the society – which is based in Swindon and operates in England, Wales, the Channel Islands and the Isle of Man – had taken substantial remedial action since it became aware of the attack and has fully co-operated with the investigation.