Cisi conned into releasing member details

The Chartered Institute for Securities and Investment has suffered an embarrassing security breach resulting in the leak of private details for all 40,000 members.

1 comment

Cisi conned into releasing member details

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The data security breach, which has resulted in the unauthorised release of every member’s name, email address and membership level, was discovered on Friday

In a statement, Simon Culhane, CISI chief executive says:"The CISI is deeply concerned about this breach and has advised all members to treat with extreme caution any email which requests individuals to reveal further personal information, particularly if it is financially related."

Evolved from the London Stock Exchange, the professional body has more than 40,000 members in 110 countries. Member postal addresses, phone numbers, passwords, examinations results and financial details were not exposed in the incident.

Culhane says that that the Institute fell victim to a "devious confidence trick" on an unsuspecting member of the support team.

"We believe this fraud was an isolated incident and I can assure you that we are taking immediate steps to increase our security and prevent such an incident recurring," writes Culhane. "We are also reviewing our training and will be informing the Information Commission of this incident."

The Institute has set up a dedicated e-mail address, breach@cisi.org, and a telephone helpline for concerned members.

Sponsored [Webinar] Using modern technology platforms to create an AI-driven bank

Related Company

Comments: (1)

Robert Burch Consultant at Independent Consultant

It is about time the Information Commissioner automatically fined organisations for data breaches.  Organisations should have strict liability to keep personal information safely.  A sophisticated con or hack should not be an excuse.  Too many organisations do not take security seriously and strict liability would concentrate the minds of directors.

[Webinar] Reimagine Banking: How to effectively modernise your core and de-risk at the same timeFinextra Promoted[Webinar] Reimagine Banking: How to effectively modernise your core and de-risk at the same time