back to article Christians Against Poverty pleads for forgiveness over data breach

UK debt relief charity Christians Against Poverty has begun writing to supporters following a data breach that exposed personal details – including phone and bank account numbers, and banking sort codes. Unidentified hackers broke into the charity’s systems in late July. The intrusion was only detected a week later, as an …

  1. JimmyPage Silver badge
    Stop

    It's unclear whether the exposed data was encrypted or not

    I think it's *very* clear. Like the data, in fact.

  2. JimmyPage Silver badge

    just to answer myself ,,,

    it's almost axiomatic that an organisation that suffers a data breach will also be an organisation for whom encryption at rest is something "other people do".

    Also, just for clarity: A password protected Excel spreadsheet is not - and will never be "encrypted".

    1. Adam 52 Silver badge

      Re: just to answer myself ,,,

      Encryption at rest is hard. For most people it's ticking the "encrypt" box in EBS/NTFS/LVM but that doesn't really help in any situation except physical theft.

      I'll best most of the supposedly IT literate Reg readership don't have all copies of their customer database encrypted.

    2. Just Enough

      Re: just to answer myself ,,,

      Sadly, in common with many charity outfits, it's very possible that their "systems" were indeed Tony in the office's desktop computer and his spreadsheet. And the "sophisticated, illegal, external attack" was malware on an email attachment.

      I can understand why a charity may not have the cash, or desire, to spend shedloads on security. But in that case they really should have the sense to not attempt to store bank details. Why wasn't that left to their bank?

  3. Anonymous Coward
    Anonymous Coward

    The Lord

    Works in mysterious ways indeed.

    As for whether or not the passwords were hashed.

    I heard they were chiselled into a stone tablet which was likely covered in lead. One can only assume its now on the back of a pikeys van. Sad really.

  4. Baldy50

    I've never used one, but...

    Maybe we have to change the way we do business and by that I mean buy stuff.

    I've noticed many times people on here use the term 'pre paid card', maybe that's the way forward!

    Plan your purchases as you would normally do but over a secure system transfer just enough to buy what you want and no more and use that throw away card with no links to you.

    This approach would curtail the debit/credit card scammers. Scumbags!

    1. Mark 85

      Re: I've never used one, but...

      The only problem with that is unless you physically go to the place selling the cards and hand over cash, chances are the system selling the cards can be breached.

      Correction... make that "the system selling the cards WILL be breached".

      1. Anonymous Coward
        Anonymous Coward

        Re: I've never used one, but...

        You can get cash cards that you can top up online. Some can even be topped up with Bitcoin.

        So hold a portion of cash in Bitcoin in a cold wallet. When you need to spend some transfer some BTC to your card then spend immediately.

        .The safety of your money is entirely up to you this way. Nothing is held online and nothing is held by a third party for longer than is necessary.

        I know the value of BTC fluctuates in the short term but over longer periods it generally increases. More so than the interest you can get on a current account.

        You don't have to be a "believer" or use it for the rest of your life. Just while you can take advantage of it.

  5. Anonymous Coward
    Anonymous Coward

    good ole megachurches

    >Christians Against Poverty

    Ever notice the mega churches that draw the most people (at least in the US) are more about prosperity preaching (ie God wants me to be rich)? I guess that is how they are against poverty. Luckily I hope at least they are still a tiny minority.

    1. WaveyDavey

      Re: good ole megachurches

      These guys are definately not the "Prosperity Gospel" leeches, who I wouldn't piss upon if they were on fire. CAP id an organisation who's primary goal is to help people who have got themselves into a nasty mess of debt manage their finances and get out of debt. They are not perfect, some creditors do not like them at all, and are admittedly evangelical - if their assistance encourages a client to church they will be very happy bunnies indeed, but it is a side goal.

      I *have* seen their help have a clear, direct and great affect on a peronal friend (who would still only be dragged into church for hatchings, matchings and dispatchings).

      Disclaimer: I once went for a job there (in Bradford), and I know someone who works there.

    2. Sixtysix
      Angel

      NOT good ole megachurches

      Going on accounts from several of my friends who volunteer with CAP, it's a lot closer to the "ideal" of a Church (helping your neighbor) rather than the institution of "Church on Sunday".

      I believe many CAP branches (possibly all, not an expert) are "hosted" by a local Church who support/lead the fundraising for the CAP branch, sometimes pay a "wage"/expenses to the main local CAP contact (was the case locally in the past, not currently), and many of the volunteers will be Church members (I think all local CAP staff are volunteers) but not necessarily the same Church.

      More closely aligned to Robin Hood than Sherrif of Nottingham, which is why debt collectors dislike them :D

  6. Florida1920

    God forgives

    Victims of hacking don't.

    1. Anonymous Coward
      Anonymous Coward

      God forgave already...

      ...christians are encouraged (or expected, depending on your flavour) to do likewise.

      Except to unrepentant hackers, obviously.

  7. h4rm0ny

    Scum

    You have to be a special kind of scum to attack a charity for the poverty-stricken.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like