Police investigate charity credit card data hack

Criminals steal almost 3,000 card detailsÂ…

By Andy McCue, 12 December 2005 13:10

NEWS

Police at Scotland Yard's computer crime squad are investigating the hacking of a UK charity website that has resulted in the theft of almost 3,000 credit card details.

Hackers breached the security of the Aid to the Church in Need website on Sunday 27 November and stole the credit card details, names and addresses of 2,800 charity donors held on the system.

The fraudsters have already used the stolen credit card details and have even telephoned some of the victims directly pretending to be from the charity and asking for money.

The website was taken offline as soon as the breach was discovered but it is not known yet how the hackers broke in. A spokesman for the charity told silicon.com: "We are not able to divulge how they got in the website for security reasons."

Neville Kyrke-Smith, UK national director of Aid to the Church in Need, has already contacted over 2,800 charity donors identified as being at risk and said the website will remain offline until the matter is resolved.

Kyrke-Smith said he believes the charity was specifically targeted in the run-up to Christmas despite having a "professionally designed website" with encryption and secure server access.

He said: "There is a conspiracy of silence over the question of internet security, as only one in eight computer crimes is apparently reported. We wanted to be honest and would urge people to be vigilant, particularly at this time of the year."

The charity now fears the hack attack will hit fund-raising for crucial aid projects in Iraq, Pakistan and Sudan.

Comments

There are 4 comments. Join the discussion

  1. 1. Graham Coles

    So if it had "encryption", how were the card numbers stolen?

    By "encryption", presumably they mean "encrypted in transit" but stored in plain form on the server where anyone can (and did) read them without any problem.

  2. 2. Ev Samuel

    "We are not able to divulge how they got in the website for security reasons."

    Lack of security is a more likely reason.

  3. 3. Guy Reynolds

    For some reason I thought it was a leagal requirement for information like creditcard details to be stored in encrypted from, or maybe I am wrong.

    On the otherhand perhaps it was stored in encrypted form and people just left the decryption keys stored on servers.

  4. 4. Angus Cleaver

    Why were they storing credit card details in the first place?

Post your comment

In order to post a comment you need to be registered and logged in.

Log in or create your silicon.com account below

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ