In a recent cybersecurity breach, hackers accessed the donor information of prominent charitable organizations functioning in the United Kingdom. The organizations that lost their data were Dogs Trust, the Royal Society for the Prevention of Cruelty to Animals (RSPCA), and Friends of the Earth among others. It was the Kokoro cyber attack that allowed hackers to steal donor information from various charitable organizations in the UK.
Hackers did not breach the systems of the UK-based charities. The data breach took place on the third-party servers of Kokoro.
Kokoro Cyber Attack Posing a Risk to UK-Based Charity Donors
Information about donors including surnames, postcodes, email addresses, and past donations was accessed by hackers in the incident involving About Loyalty. They also accessed data showing the donor’s relationship with the charitable organizations and events they participated in.
Other sensitive donor data including passwords or bank details were not stolen by the presently unknown hackers of the UK Charities data breach.
So far the organizations that have been reported to have suffered a data breach are Shelter, Battersea Dogs and Cats Home, Dogs Trust, RSPCA, and Friends of Earth. The donors of the said charities include high-profile celebrities.
Sir Elton John is the ambassador of Battersea Dogs and Cats Home, Alan Carr is associated with Dogs Trust, and Sir Brian May supports the Royal Society for the Prevention of Cruelty to Animals.
Third-Party Kokoro Cyber Attack
The UK-based charities use the services offered by a donor survey-conducting firm, About Loyalty. About Loyalty uses the services offered by a web server firm, Kokoro. About Loyalty’s data was targeted by hackers on August 9.
They then breached the sub-contractor, Kokoro which manages data for About Loyalty. “Hackers hit a survey company that works with more than 40 charities…,” read a Dailymail report throwing light on the potential number of affected organizations due to the Kokoro data breach.
Kokoro Cyber Attack and Impacted Donors
The Kokoro cyber attack took place in August however, it came to light recently when About Loyalty alerted its client charity organizations about it. After getting a notice regarding the Kokoro cyber attack, the charity organizations alerted its donors and others impacted by it.
The potential amount of data exfiltrated by the Kokoro cyber attack hackers could be estimated by the number of supporters the organizations have. The RSPCA has 500,000 supporters, while Friends of the Earth has 93,000 supporters.
Responding to our email, About Loyalty said, “Our third-party research partner, Kokoro, recently informed us that they had experienced a cybersecurity incident which may have involved access to some data relating to a subset of About Loyalty’s clients. For more information, please contact Kokoro.”
Alerts Sent to Donors Targeted in the RSPCA Data Breach and Others
An RSPCA spokesperson addressed the security incident it suffered and said, “Although there is no evidence that this data has been shared further, we contacted our supporters as a precaution to offer our reassurance and support.”
A Dogs Trust spokesperson said, “Dogs Trust has been working closely with the third-party provider, the ICO, and other charities affected, and we are confident that this security breach has been resolved and there is no continued risk to our supporters’ information.”
Addressing the Kokoro data breach, the company spokesperson assured that they were confident that the incident had been contained with no further risk to its systems.
A supporter of one of the affected UK charities said to the Daily Mail, “If the security breach happened six weeks ago, how come it has taken so long for them to tell us? Who knows what the hackers could have been up to in that time?”
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
