Sign up for the Security newsletter

Police investigate charity credit card data hack

Criminals steal almost 3,000 card details…

By Andy McCue on 12 December 2005 13:10

NEWS

Police at Scotland Yard's computer crime squad are investigating the hacking of a UK charity website that has resulted in the theft of almost 3,000 credit card details.

Hackers breached the security of the Aid to the Church in Need website on Sunday 27 November and stole the credit card details, names and addresses of 2,800 charity donors held on the system.

The fraudsters have already used the stolen credit card details and have even telephoned some of the victims directly pretending to be from the charity and asking for money.

The website was taken offline as soon as the breach was discovered but it is not known yet how the hackers broke in. A spokesman for the charity told silicon.com: "We are not able to divulge how they got in the website for security reasons."

Neville Kyrke-Smith, UK national director of Aid to the Church in Need, has already contacted over 2,800 charity donors identified as being at risk and said the website will remain offline until the matter is resolved.

Kyrke-Smith said he believes the charity was specifically targeted in the run-up to Christmas despite having a "professionally designed website" with encryption and secure server access.

He said: "There is a conspiracy of silence over the question of internet security, as only one in eight computer crimes is apparently reported. We wanted to be honest and would urge people to be vigilant, particularly at this time of the year."

The charity now fears the hack attack will hit fund-raising for crucial aid projects in Iraq, Pakistan and Sudan.

Comments

There are 4 comments. Join the discussion

  1. 1. Graham Coles

    So if it had "encryption", how were the card numbers stolen?

    By "encryption", presumably they mean "encrypted in transit" but stored in plain form on the server where anyone can (and did) read them without any problem.

    • 13 December 2005 10:11
    • Add comment

  2. 2. Ev Samuel

    "We are not able to divulge how they got in the website for security reasons."

    Lack of security is a more likely reason.

    • 13 December 2005 11:02
    • Add comment

  3. 3. Guy Reynolds

    For some reason I thought it was a leagal requirement for information like creditcard details to be stored in encrypted from, or maybe I am wrong.

    On the otherhand perhaps it was stored in encrypted form and people just left the decryption keys stored on servers.

    • 13 December 2005 13:08
    • Add comment

  4. 4. Angus Cleaver

    Why were they storing credit card details in the first place?

    • 14 December 2005 13:00
    • Add comment

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your silicon.com account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ

Get silicon.com's daily newsletter

  • Register on silicon.com

    Enter your email to register

Keep in touch with silicon.com

silicon.com newsletters