The Salvation Army, a Christian charity organisation, has recently confirmed that it was targeted by a ransomware attack affecting its London data centre.
A Salvation Army spokesperson confirmed to The Register that the Charity Commission and the Information Commissioner’s Office have been informed about the incident. Also, its staff is working to notify any other relevant third parties.
“We are investigating an IT incident affecting a number of our corporate IT systems. We have informed the Charity Commission and the Information Commissioner’s Office, are also in dialogue with our key partners and staff and are working to notify any other relevant third parties.”
She continued: “We can also confirm that our services for the vulnerable people who depend on us are not impacted and continue as normal.”
The organisation has not currently issued a statement regarding the intensity of the ransomware attack, the identity of the threat actor, or the details of the compromised data.
‘Criminals will be quick to take advantage’
Jake Moore, a cyber security specialist with Slovakian antivirus firm ESET, told The Register: “It is vital that those who could be at risk are equipped with the knowledge of how to mitigate further attacks. The first few days and weeks after a breach are the most important, as criminals will be quick to take advantage of the situation and strike while they still can.”
Speaking about the ransomware attack targeting the Salvation Army, Trevor Morgan, product manager at comforte AG, told Teiss that: “No cyberattack is acceptable or warranted. Yet, most of us recoil strongly when charitable people and organisations like the Salvation Army become the targets of criminals. Every organisation—even a non-profit—has valuable data about its employee base as well as external customers and other contacts. This data must be guarded not only with perimeter-focused security but also with data-centric methods that protect the data itself.”
The Cyber Security Breaches Survey, published by the Department for Digital, Culture, Media and Sport found that just over a quarter (26%) of charities said they had experienced a cyber breach in the last year.
Action Fraud, which is run by the City of London Police as the national fraud and cybercrime reporting service, said that during the festive season last year, almost £350,000 of charitable donations ended up in the pockets of criminals who made fundraising appeals online in the name of well-known charities.