BASC, the British Association for Shooting and Conservation is warning over 150,000 members to “be vigilant around home security” after the personal data of members was stolen from a website dealing in firearms.
Registered in Wales in 1997 as the single representative body for shooting sports, BASC boasts over 150,000 members and its staff include a president, chairman, an elected board called Council, a chief executive, and more than 100 staff members. It is headquartered at Marford Mill and functions through eight regional offices across the UK.
On 21st July, BASC issued an alert on its website, warning members across the UK to be vigilant about their home security as their personal information, including home addresses and email addresses, had been stolen by hackers from a website dealing in firearms. The affected members are most likely to be firearm and shotgun certificate holders.
“The National Crime Agency is aware of the issue and BASC is working with them to ensure we can update members as quickly as possible as the situation develops. Our advice to members would be to check home security and be extra vigilant. Make sure all firearms are appropriately locked away and make sure buildings are kept secure. Follow normal good crime security advice and report anything suspicious to the police,” said Martin Parker, the head of firearms at BASC.
While there is a possibility of hackers selling the personal data of firearm owners to the highest bidders, including criminals who may want to steal and smuggle high-value firearms, Boris Cipot, a senior security engineer at the Synopsys Software Integrity Group, says that there is a possibility that hackers may masquerade BASC itself in emails to scam victims into handing over their personal data.
“Those affected by the breach must be careful about how they manage the emails they receive. Do not click on unsolicited links or share data that might be requested. Also, do not open attachments, especially if they come from an unknown sender. In the case that you receive phone calls or even personal visits to your home, remain vigilant.
“Make sure that you do not give out any information over the phone – official organisations typically do not request any personal information over the phone as they are aware of data privacy,” Cipot added.
This is not the first time that the privacy and security of firearms owners in the UK have been compromised. In April 2017, BASC alleged that the Met Police shared the personal data of 30,000 firearm and shotgun certificate holders with a commercial firm that offered to watermark weapons.
BASC said that Met “used Leeds-based company Corporate Document Services (CDS) to print leaflets advising certificate holders of a scheme to buy a product called Smartwater to forensically mark their guns.” The task of distributing leaflets to firearm certificate holders was further sub-contracted by CDS to Yes Direct Mail.
“We can see no legal authority which allows the Met to breach the Data Protection Act by passing on sensitive, confidential information to as many as three external companies. BASC is treating this as a potentially serious breach of trust by the Met. We do not believe certificate holders have given their permission for their sensitive, personal information to be passed to third parties,” it said.
In response, the Met told the press that “CDS are a reputable, print company and not a commercial marketing agency. They are already, specifically contracted by the Met for ‘the supply of external print and associated services’ under a Crown Commercial Services framework.
“They hold appropriate information security accreditations and no personal information is to be retained. We have contacted them and the sub-contractors and we are assured that all the personal data has been deleted in line with their policies. We are investigating the matter internally and will keep the ICO informed accordingly.”