• silicon.com
• Technology
• Security

By silicon.com, 12 December 2005 16:00

The news that a UK charity has seen its systems breached and 2,800 donors' credit card details stolen is pretty shocking stuff.

Charities have long been singled out by hackers, often for petty crimes such as web defacement, because they are perceived as being a soft touch. But anybody who has dealt with a charity in a professional capacity will know there are often hard businessmen and women at their heart and run accordingly.

As such any breach of this kind is simply not tolerable. But the real difference here to so many other breaches is the fact we're talking about it. We know it happened, if not how it happened – because the charity Aid to the Church in Need is talking about it, openly.

Let's put aside the obvious fact that such an admission doubtless pre-empted news of the breach coming to light anyway and the charity being outed for the breach and a cover-up.

After all, 2,500 credit cards numbers aren't stolen for no reason and customers may soon have started putting two and two together – especially as the fraudsters are believed to have been behind phone calls to a number of members whose details had been stolen.

But give the charity credit for subsequently talking openly about the fact they have been breached and that donors accounts have been compromised. Too much is brushed under the carpet and the unwillingness to talk about such matters hampers the fight.

Neville Kyrke-Smith, UK national director of Aid to the Church in Need, said: "There is a conspiracy of silence over the question of internet security, as only one in eight computer crimes is apparently reported. We wanted to be honest and would urge people to be vigilant, particularly at this time of the year."

He's right, at least about the conspiracy of silence.

Obviously putting a number on how many crimes go unreported is a rather inexact silence, akin to plucking numbers from thin air. But if more organisations did speak openly about the issues they face then we genuinely believe it would be a major step in the right direction.

In California the law states companies must operate a policy of total disclosure and while legislation is not always the best route to take a policy of non-disclosure may well breed a culture of cutting corners if the risk of public shaming doesn't exist.

You can be sure when Aid to the Church in Need discovers where its weakness was it will take more robust steps to ensure it doesn't happen again than those organisations who have already got away with a breach once before.