Details of over 15,000 expectant parents leaked, including email addresses
A large-scale data breach at the National Childbirth Trust (NCT),has left thousands of users possibly at risk of having their details stolen.
The charity, which offers support to new and expectant parents, saw the email addresses, password and usernames of 15,085 users leaked.
“NCT has suffered a data breach which, regrettably, has caused some users of our website to have their registration details compromised,” a spokesperson for the charity said.
“These details are limited to their email address, username and an encrypted version of the password that they created to register on the site.
“We stress that no financial or personal details are held as part of this data so no financial or personal details have been accessed.”
“We discovered the breach (on Wednesday), upon which we contacted everyone affected advising them of the breach and suggesting that they change their username and passwords.”
The NCT said that no other user information had been accessed during the breach, which it has reported to police and the Information Commissioner’s Office (ICO).
NCT chief executive Nick Wilkie confirmed the breach in an email to users, advising that they change their passwords immediately, and ensure any other accounts that use the same details are also amended.
The breach could prove to be an important wake-up call for charities and other organisations that store large amounts of user data.
“All organisations, particularly those which handle sensitive and private personal details, have a legal and ethical duty to protect their customers’ data,” commented Christine Andrews, managing director of data governance, risk and compliance firm DQM GRC.
“However, small businesses and charities may feel that they don’t have access to the necessary resources, or that they lack the technical expertise and often don’t consider themselves as worthwhile targets for hackers – and the consequences are that many don’t have a sound approach tackling data security.”
“Ultimately, all organisations (in particular those that handle sensitive data) need to properly assess the risks and consequences of a data breach, and consider what would happen if that data was made public. This should encourage them to implement the necessary resources and adequately strengthen data security.”
What do you know about some of the world’s biggest data breaches? Take our quiz to find out!