Cisi conned into releasing member details

Cisi conned into releasing member details

The Chartered Institute for Securities and Investment has suffered an embarrassing security breach resulting in the leak of private details for all 40,000 members.

The data security breach, which has resulted in the unauthorised release of every member’s name, email address and membership level, was discovered on Friday

In a statement, Simon Culhane, CISI chief executive says:"The CISI is deeply concerned about this breach and has advised all members to treat with extreme caution any email which requests individuals to reveal further personal information, particularly if it is financially related."

Evolved from the London Stock Exchange, the professional body has more than 40,000 members in 110 countries. Member postal addresses, phone numbers, passwords, examinations results and financial details were not exposed in the incident.

Culhane says that that the Institute fell victim to a "devious confidence trick" on an unsuspecting member of the support team.

"We believe this fraud was an isolated incident and I can assure you that we are taking immediate steps to increase our security and prevent such an incident recurring," writes Culhane. "We are also reviewing our training and will be informing the Information Commission of this incident."

The Institute has set up a dedicated e-mail address, breach@cisi.org, and a telephone helpline for concerned members.

Comments: (1)

Robert Burch
Robert Burch - Independent Consultant - Cotswolds 02 June, 2015, 09:18Be the first to give this comment the thumbs up 0 likes

It is about time the Information Commissioner automatically fined organisations for data breaches.  Organisations should have strict liability to keep personal information safely.  A sophisticated con or hack should not be an excuse.  Too many organisations do not take security seriously and strict liability would concentrate the minds of directors.

Featured Job
All Jobs »