Update on cyber attack
23 Nov 2016 01:37 PM
An STFC events registration site was the victim of a cyber-attack by unknown perpetrators earlier this month.
The hackers extracted a registration database, containing personal non-financial information from approximately 12,000 registrations.
STFC has yesterday written to all individuals listed on this database to advise them of the cyber-attack, to apologise for the release of their data, and to provide information on the enhanced security features and other actions we have taken in response.
Although the database does not contain financial information, we are strongly advising affected individuals that if the password used for this service is also used for other cloud services e.g shopping or banking, they should change those passwords as soon as possible.
We are also advising affected persons to be extra vigilant for Phishing attacks that may utilise the data found within the database to attempt to extract further personal information from them.
The Information Commissioner’s Office has been informed.
No financial information was included in this database and the personal data involved in this breach was as follows:
Name
Address
Telephone Number
Email Address
User ID and password for this service (passwords were encrypted)
Dietary Requirements
We apologise for any inconvenience this may have caused these event attendees and if they have any questions they should direct them to the STFC Information Management team.
Contact Information:
STFC Data Protection Team
ICO contact details
Further fraud information can be found at Action Fraud