Hackers who accessed the servers of the British Dental Association (BDA) may have made off with members' bank account numbers and sort codes, according to reports.
The trade union's servers were breached at the end of July, knocking out its website on the 30th as BDA personnel scratched their heads. Trade news site Dentistry Online reported BDA chief exec Martin Woodrow as saying: "As we attempted to restore services, it became clear hackers had accessed our systems."
In a statement posted to its website on 30 July, the BDA's IT team said: "We've been investigating why our site has been down and it's bad news; we've been hacked."
This was later updated to say: "We have recently been the victim of a cyber incident. As a precaution, we have taken some of our systems offline, such as our website and telephone servers. Our IT team are doing everything they can to get our systems back up and running for you as soon as possible."
Dentistry Online reported that names, contact details, transaction histories with the BDA, direct debit details including account numbers and sort codes, logs of correspondence and notes of cases lodged with the BDA may have been accessed. As well as its trade union functions, the BDA also offers its members indemnity insurance, meaning it holds some data about disputes over dental negligence.
The Register has asked the BDA for comment. It is not yet known publicly whether the intrusion was linked to ransomware or whether this was an old-fashioned digital smash 'n' grab.
In a statement posted to Facebook, the BDA said: "We have informed the Information Commissioner's Office and have a case open. We were able to reassure them on their initial queries and will work with them if it believes any further investigation is required. We are contacting people we think are affected. We have spoken at length with our cyber security consultant and reported it to our insurer. The insurer will undertake forensic analysis of the recovery plans."
Jake Moore of Slovakian antivirus firm ESET told El Reg: "It doesn't seem a week goes by without reminding people to be more vigilant from recent hacks but it really is important. It appears a large spread of personal data was taken so it never ceases to be on guard from illicit communication requesting further details which may add pieces to the identity theft jigsaw.
"Although the BDA have been magnanimous in making those affected aware of the breach quickly and reporting itself to the ICO, the headache is far from gone and could cause more pain with potential fines."
An anonymous dentist told the BBC he was worried about fraud and identity theft in light of the hack. ®