The Information Commissioner’s Office has the British and Foreign Bible Society with £100,000 for exposing its users’ data to risk. The organisation that translates and distributes the Christian Bible in the UK and around the globe was hit with a ransomware attack recently.
During the attack, data of 417,000 supporters was put to risk. Hackers didn’t damage or destroy the data, but they managed to pull some of it out. Some of that data may include payment information, which basically means credit card data.
The organisation earns its living from card donations from its supporters in the UK and around the world. Those that donated have had their data stored on a service account, on the same network. It was configured in such a way that it could be accessed remotely. To add insult to injury, it was protected with an “easy-to-guess” password, according to The Register.
The ICO understands that ransomware, and cyber-attacks in general, are criminal acts and will always happen, but the organisation could have, and should have, done more to protect the data.
The ICO's head of enforcement, Steve Eckersley, said: "The Bible Society failed to protect a significant amount of personal data, and exposed its supporters to possible financial or identity fraud. Our investigation determined that it is likely that the religious belief of the 417,000 supporters could be inferred, and the distress this kind of breach can cause cannot be underestimated."
"Cyber-attacks will happen, that’s just a fact," adding, "we fully accept that they are a criminal act. But organisations need to have strong security measures in place to make it as difficult as possible for intruders."
The ICO found the society failed to take appropriate technical and organisational steps to protect its supporters’ personal data. It has since taken substantial remedial action and has fully co-operated with the ICO’s investigation, it said.
Image source: Shutterstock/AVN Photo Lab