Christian charity organisation the Salvation Army has recently confirmed that it was targeted by a ransomware attack that compromised some of its corporate systems located in the UK.
According to The Register, which was the first to report the incident, the Salvation Army identified the attack a month ago, and its London data center is believed to have been affected. A Salvation Army spokesperson confirmed that the Charity Commission and the Information Commissioner’s Office have been informed about the incident. Its staff is also working to notify any other relevant third parties.
This attack has, however, not affected the service rendered to the vulnerable people depending on the Salvation Army. “We can also confirm that our services for the vulnerable people who depend on us are not impacted and continue as normal,” the spokesperson added.
The organisation has not issued any statement regarding the intensity of the ransomware attack, the identity of the threat actor, or the details of the compromised data. However, the leaked data hasn’t surfaced on any of the ransomware gang sites so far.
Speaking to The Register, a spokesperson from the ICO confirmed that the watchdog has been notified about the incident. “People have the right to expect that organisations will handle their personal information securely and responsibly. If an individual has concerns about how their data has been handled, they should raise it with the organisation first, then report them to us if they are not satisfied with the response,” they said.
“In line with our guidance, the charity has submitted a serious incident report in relation to this matter. We are currently assessing this information and cannot comment further at this time,” said the Charity Commission to The Register.
Commenting on the ransomware attack targeting the Salvation Army, Trevor Morgan, product manager at comforte AG, told Teiss that “no cyberattack is acceptable or warranted. Yet, most of us recoil strongly when charitable people and organisations like the Salvation Army become the targets of criminals. Every organisation—even a non-profit—has valuable data about its employee base as well as external customers and other contacts. This data must be guarded not only with perimeter-focused security but also with data-centric methods that protect the data itself.
“Classic data encryption is one common option, but organisations have to use their data, so without format preservation (many forms of encryption do not preserve data format), they are forced to choose between two states: protected/unusable or de-protected/usable.
“Tokenization is a much better option, because it obfuscates sensitive data elements while preserving the data format, which means business applications can still process and work with that information. For enterprises and non-profit organisations alike, data-centric security is a very viable way to prevent incidents like these from becoming catastrophic data breaches. Be charitable to your own enterprise by protecting all sensitive data with data-centric security,” he added.
This isn’t the first time that a charitable organisation has been the target of cyber criminals. In December last year, Action Fraud, along with the Charity Commission and the Fundraising Regulator, warned that cyber criminals will certainly make attempts to impersonate well-known UK charities online to fool the public into transferring donation money to their accounts during the festive period.
Action Fraud, which is run by the City of London Police as the national fraud and cybercrime reporting service, said that during the festive season last year, almost £350,000 of charitable donations ended up in the pockets of criminals who made fundraising appeals online in the name of well-known charities.
This is also not the first time that a charity organisation in the UK has become a victim of a ransomware attack. Between January and March, cyber criminals targeted at least four charities with ransomware attacks, including education charity Harris Federation, which runs fifty primary and secondary academies in London and Essex with more than 36,000 pupils enrolled.
“This is a highly sophisticated attack that will have a significant impact on our academies but it will take time to uncover the exact details of what has or has not happened, and to resolve. In addition to using the services of a specialised firm of cyber technology consultants, we are working closely with the National Crime Agency and the National Cyber Security Centre,” the education charity said.