Categories
Digital Transformation

Sports club members left fuming after 2010 data theft is revealed

Tens of thousands of sports club members were the victims of data theft – in 2010.

Members of a sports and leisure club have expressed their anger after it was revealed that their private data was stolen two-and-a-half years ago.

The Civil Service Sports Council (CSSC) was targeted by hackers in or before February 2010 and they stole names, addresses, National Insurance numbers and dates of birth of tens of thousands of members.

These included everyone from civil servants and public sector workers to postmen and BT staff, with some also having their debit card details and employment information taken.

Officials at the club were alerted after the hackers attempted to defraud the central government and the data being used to do so was traced back to the CSSC.

However, despite members of the public being put at risk from identity theft and the police launching a lengthy investigation, affected members were not notified.

Indeed, a letter only went out to warn past or present CSSC members they had had their details compromised on November 23rd 2012.

"We took the advice of the relevant authorities which was that no purpose was served by notifying members at that time," the club has said in a statement.

It has apologised and insisted data security has been significantly tightened since 2010.

However, although the CSSC said it does not think anyone suffered actual identity theft as a result of the attack, one unnamed person who received a letter told the Daily Telegraph a fraudulent benefit claim had been made in their name.

Others expressed their anger and the PCS union representing civil servants told the newspaper: "We’re very concerned about what sports club members have been told and that it appears to have taken so long."

No details have been revealed as to who the hackers might have been, but it demonstrates the potential usefulness of outsourcing services such as document management and storage to a third-party to increase security.

Technical director at Sourcefire Dominic Storey recently warned that such focused attacks are on the rise, striking organisations of all shapes and sizes.