Kids charity hit by server theft

Some personal data stored, but motive likely equipment theft, says Plan UK

A two-man break in at the London offices of children's charity Plan UK has resulted in theft of five computer servers.

Plan UK has stated that while "the likely motive was to steal the equipment itself, rather than the data ... we cannot escape the fact that personal information is also stored on the servers".

Explaining what data had been compromised, the charity listed "supporter names, addresses, emails, as well as bank account and sort code numbers".

Neither credit nor debit card details were stored on the server, and Plan UK claimed "the information obtained by the criminals cannot be used directly to access supporters’ bank accounts". It's widely contested whether account numbers and sort codes are enough to result in theft.

Plan UK also stated that "we cannot fully guarantee that there isn’t a slight increased risk of supporters being open to fraud" and encouraged its patrons to be vigilant.

It added it regretted the incident and stated it is "in the process of informing the Information Commissioner".

A letter has been sent to supporters informing them their data has been compromised.

The Register contacted Plus UK to enquire about its security practices. We have not received a response as of publication. ®

Biting the hand that feeds IT © 1998–2021