Data of hundreds of RNIB customers might have been stolen by hackers, charity says

The sight-loss charity says hackers accessed payment card details belonging to as many as 817 customers of its online shop

RNIB headquarters

The Royal National Institute of Blind People's online shop has been hacked, with the data of hundreds of customers potentially affected, the charity has said. 

RNIB confirmed that it discovered a problem with its online shop on the evening of Friday 24 November, and on the morning of Monday 27 November identified there had been a breach of its security.

The breach involved the illegal access of some customers’ payment card details between 16 and 27 November, the charity said.

It added that the data of as many as 817 customers might have been affected by the breach.

The charity launched an immediate investigation, which is ongoing, and suspended its online shop.

It also reported the incident to Action Fraud, the Information Commissioner’s Office and the Charity Commission.

RNIB said the breach had been dealt with and that it had "put appropriate measures in place to prevent a repeat incident". 

Sally Harvey, chief executive of RNIB, said: "We take our responsibility for keeping our customers’ details safe extremely seriously. As soon as we became aware of the issue, we contacted 817 people as a precautionary measure.

"These were customers who had made purchases via the online shop during this time. We have recommended that they contact their bank or credit card providers and follow their advice in order to protect their accounts."

Harvey said the issue that caused the breach "has already been identified and resolved" and the online shop was back up and running "following extensive testing".

A spokeswoman for the Charity Commission said it had received a serious incident report from the RNIB about the issue.

"Reports of this nature are of serious concern to the commission, and the charity has taken appropriate steps by reporting the incident to us," the spokeswoman said.

"We will be engaging with the trustees further to ensure that they are acting in compliance with their responsibilities to protect the charity’s assets, service users and reputation."

An ICO spokesman said it was aware of the data breach at the RNIB and was making inquiries.

The Department for Digital, Culture, Media and Sport released a report in August about cyber vulnerabilities in the charity sector, in which it said that there was a need for basic awareness raising of cyber-security issues among charity staff and trustees.
