This website uses cookies for anonymised analytics and for core features such as voting on polls and comments. See our privacy and cookies policies for more information.




The voice of Scotland’s vibrant voluntary sector

Published by Scottish Council for Voluntary Organisations

TFN is published by the Scottish Council for Voluntary Organisations, Mansfield Traquair Centre, 15 Mansfield Place, Edinburgh, EH3 6BB. The Scottish Council for Voluntary Organisations (SCVO) is a Scottish Charitable Incorporated Organisation. Registration number SC003558.

Leading charity hit by ransomware attack

 

Another charity targeted by hackers

A ransomware attack on the Salvation Army has compromised some of its corporate systems, the charity has revealed.

The Salvation Army identified the attack a month ago and it is believed that its London data center was affected.

A spokesperson of the charity confirmed that the Charity Commission and the Information Commissioner’s Office have been informed about the incident.

Also, its staff is working to notify any other relevant third parties.

This attack has, however, not affected services to its clients who depend on the Salvation Army. “We can also confirm that our services for the vulnerable people who depend on us are not impacted and continue as normal,” the spokesperson added.

The organisation has not issued any statement regarding the intensity of the ransomware attack, the identity of the threat actor, or the details of the compromised data.

Ransomware is a virus which compromises the integrity of a user's data. Usually it means hackers can access peronal data such as bank account details. Perpetrators then ask for cash in the form of cryptocurrency, to remove the virus.

However, the leaked data hasn’t surfaced in any of the ransomware gang sites so far.

A spokesperson from the ICO confirmed that the watchdog has been notified about the incident. “People have the right to expect that organisations will handle their personal information securely and responsibly.

“If an individual has concerns about how their data has been handled, they should raise it with the organisation first, then report them to us if they are not satisfied with the response,” they said.

“In line with our guidance, the charity has submitted a serious incident report in relation to this matter. We are currently assessing this information and cannot comment further at this time,” said the Charity Commission.

This isn’t the first time that a charitable organisation has been the target of cyber criminals. In December last year, Action Fraud, along with the Charity Commission and the Fundraising Regulator, warned that cyber criminals will certainly make attempts to impersonate well-known UK charities online to fool the public into transferring donation money to their accounts during the festive period.

Action Fraud, which is run by the City of London Police as the national fraud and cybercrime reporting service, said that during the festive season last year, almost £350,000 of charitable donations ended up in the pockets of criminals who made fundraising appeals online in the name of well-known charities.

 

Comments

Be the first to comment.