- An attacker gained access to the UKSEDS web server, which contains databases used by our main website and transaction system.
- They had access to the data stored in these databases, which includes customers’, attendees’, members’, branch leads’ and sponsors’ information (detailed separately).
- We don’t think they accessed this information. The evidence suggests their goal was adding spam links to our website.
- We have secured our web server, informed the relevant authorities and put in place procedures to prevent this from happening again.
What do you need to do?
- No financial data or login details have been compromised, so there is no immediate action you need to take
- Be vigilant regarding spam, phishing emails or signs of identity theft
- If you are worried, follow the advice recommended by Which?
On 4th April 2018 we discovered that the UKSEDS website had been attacked on 19th March 2018. The attacker gained access to several databases used by UKSEDS services, including those behind the WordPress platform used for our main website (www.ukseds.org) and those holding all customer purchases, event registrations, and membership registrations.
We do not know the identity of the attacker or how they gained access to our web server. Our logs suggest that they were focused on adding spam links to our WordPress site.
Personal data exposed
We have no evidence that any data was accessed, but cannot rule out the possibility that it was. The following data may have been compromised:
Previous customers, event attendees, and members:
- Email Address
- Billing Address (customers/event registrations only)
- Email Address
- Phone Number
- Shipping Address
- Contact Name
- Contact Email Address
- Contact Phone Number
- Invoicing Address
No personal financial information is stored in UKSEDS databases, so if you have paid with a credit card or by other means, that information has not been compromised. Everyone in our databases who may have been compromised was contacted via email between 5th and 15th April 2018. If you think you may have been affected but did not receive this email, it may be because the email address we have on record for you is no longer contactable.
Upon discovering the breach, we immediately re-secured our web server, which included removing malicious files, changing passwords and removing defunct services.
We will continue to investigate this breach in the coming weeks. We have already taken actions to improve our security and will be further reviewing our internal security policies to reduce the likelihood of future breaches, minimise their effects, and speed up our response time.
We are committed to ensuring we take every possible action to protect the data we store, and to ensure we do not store data we do not need. We have notified the Information Commissioner’s Office of this breach.
If you have any concerns, please contact us at [email protected].