The independent regulator for charitable activity in England and Wales noted that this recent hack of Aid to the Church in Need saw cybercriminals break into servers and steal personal details of the charity's donors. In some cases, the fraudsters have used these details to contact benefactors directly to extract more money.
It is too early to know how much the hackers may have stolen from unsuspecting members of the public, but the charity said that the addresses of more than 2,000 online donors have been accessed. The charity swiftly shut down its website, warned benefactors and reported the breach of security to the police.
Neville Kyrke-Smith, national director at Aid to the Church in Need U.K., said, "We are all in a state of shock. Apart from the obvious distress to benefactors, we're concerned that our charity's identity has been stolen. However it's the beneficiaries, those who need the money the most, who will ultimately suffer. I urge all charities to regularly review their website security and make sure all software is up-to-date."
Andrew Hind, chief executive at the Charity Commission, added, "This charity already used a secure encrypted connection to transfer and store data, and the organization's website should have been safe. However, it's a sad fact of modern times that charities, like businesses, have to make sure their websites are protected. All charities need to regularly review website security and make sure they stay ahead of the hackers and fraudsters."
Charities concerned about web security are advised to view the online guidance found on the Department of Trade and Industry website.