Share this page: 

Data security incident - August 2016

Matt Barlow
UK Chief Executive

On 1 August 2016 we identified some suspicious activity on our computer systems that presents a potential security risk for those whose data is held by Christians Against Poverty.

Our investigations show that some, but not all, of our systems were compromised the week prior. As soon as we identified this we called in IT security experts who confirmed that although our servers and systems were well protected, we have been subjected to a sophisticated, illegal, external attack.

Unfortunately, this means that details belonging to supporters and clients (both current and former) may have been accessed. These details could include names, addresses, email, phone and bank account numbers/sort codes. I’m really disappointed that this has happened, but I want to reassure you that we are taking all possible steps to ensure the ongoing security of our systems.

We have answered a number of questions below and also have a dedicated phone number and email address, should you want to get in touch.

7 November 2016 - update
The police are still conducting their investigations and have yet to confirm whether any data that CAP held on it's databases, although accessed, has actually been stolen. There are also no confirmed reports of any data being used illegally against people. If there is significant news from this, we will keep you informed. In the meantime with input from our security consultants, we have completed a number of security improvements to help further protect ourselves against illegal hacking.

Questions

What has happened?

On 1 August 2016 our IT team identified some suspicious activity on our computer systems. Our investigations show that some, but not all, of our systems were compromised the week prior. As soon as we identified this we called in IT security experts who confirmed that although our servers and systems were well protected, we have been subjected to a sophisticated, illegal, external attack.

Unfortunately, this means that details belonging to supporters and clients (both current and former) may have been accessed. These details could include names, addresses, email, phone and bank account numbers/sort codes.

What data was accessed?

Details belonging to supporters and clients (both current and former) may have been accessed. These details could include names, addresses, email, phone and bank account numbers/sort codes.

Case information for our CAP Debt Help clients may also have been accessed.

Please be reassured that this doesn't put you at risk of any direct financial loss. They will not be able to access your bank account or buy things online in your name with this information alone.

CAP Release Groups and CAP Life Skills members have not been affected by this attack.

What are CAP doing?

We are taking this issue very seriously and are continuing to investigate with the help of the police and external security experts. Please be reassured that we are taking all possible steps to ensure the ongoing security of our systems.

This incident has been reported to the Information Commisioner's Office.

What do I need to do?

Those who may have obtained this information could use it to contact you and try to obtain other personal or financial details. So please be especially on guard for scam phone calls or emails that may look official, asking you to click links that could put you at risk (also known as ‘phishing’). You can find out more about protecting yourself against fraud and identity theft at getsafeonline.org.

Any further action depends on what data we hold for you. Choose an option below to find out more.

Stage 1I am a current CAP Debt Help client

Your CAP Plan will be unaffected by this incident and any savings held within your CAP Plan remain secure. Please continue to pay in to your plan as agreed to ensure outgoing payments are maintained. Any changes to your CAP Plan should be requested through the usual methods.

If you have any further questions or concerns regarding this incident and security of your data, please contact our team using the details on this page.

We remain committed to helping you on your journey towards freedom from debt.

Stage 2I am a former CAP Debt Help client

As detailed above, please remain vigilant regarding online and identity fraud (getsafeonline.org). No further action is required from you regarding CAP Debt Help.

If you have any further questions or concerns regarding this incident and security of your data, please contact our team using the details on this page.

Stage 2I am a CAP supporter

As detailed above, please remain vigilant regarding online and identity fraud (getsafeonline.org). No further action is required from you regarding your support for CAP.

If you have any further questions or concerns regarding this incident and security of your data, please contact our team using the details on this page.

We really value you standing with us through this.

Stage 3I am a CAP Job Club member

Contact details and case notes are held for all CAP Job Club members, and may have been accessed. As detailed above, please remain vigilant regarding online and identity fraud (getsafeonline.org).

No further action is required from you regarding CAP Job Clubs

If you have any further questions or concerns regarding this incident and security of your data, please contact our team using the details on this page.

Stage 3I am a CAP Money Online user

As detailed above, please remain vigilant regarding online and identity fraud (getsafeonline.org). Though no financial details are held on the CAP Money System, any data held within your budget worksheet may have been accessed.

Having taken the CAP Money Online server offline as a precaution, our team our working hard to get back online as soon as possible. When you login, you will be asked to change your password. If you use your CAP Money Online password for anything else, you should change this immediately. Though CAP Money Online passwords are encrypted on our system, they may have been accessed.

If you have any further questions or concerns regarding this incident and security of your data, please contact our team using the details on this page.

capuk.org uses cookies to make the site simpler.