Update on cyber attack

23 Nov 2016 01:37 PM

An STFC events registration site was  the victim of a cyber-attack by unknown perpetrators earlier this month.

The hackers extracted a registration database, containing personal non-financial information from approximately 12,000 registrations.

STFC has yesterday written to all individuals listed on this database to advise them of the cyber-attack, to apologise for the release of their data, and to provide information on the enhanced security features and other actions we have taken in response.

Although the database does not contain financial information, we are strongly advising affected individuals  that if the password used for this service is also used for other cloud services e.g shopping or banking, they should change those passwords as soon as possible.

We are also  advising affected persons to be extra vigilant for Phishing attacks that may utilise the data found within the database to attempt to extract further personal information from them.

The Information Commissioner’s Office has been informed.

No financial information was included in this database and the personal data involved in this breach was as follows:

Name

Address

Telephone Number

Email Address

User ID and password for this service (passwords were encrypted)

Dietary Requirements

We apologise for any inconvenience this may have caused these event attendees and if they have any questions they should direct them to the STFC Information Management team.

Contact Information:

STFC Data Protection Team

ICO contact details

Further fraud information can be found at Action Fraud