British Mensa Limited has paid former technology officer Eugene Hopkinson defamation damages and costs settling his claims of libel, malicious falsehood, and breach of his rights under the UK GDPR relating to a series of statements it made on the subject of a January 2021 cyber-attack and a data leak at the org.
In February, the club for people with a high intelligence quotient launched an investigation following a brute force attack on 20 January. There were two separate incidents in which "limited personal data of a few members and officers" was briefly exposed in the website's forum.
- Hacked by SolarWinds backdoor masterminds, Mimecast now lays off staff after profit surge
- 8086 and All That. Revisited
- World's cleverest woman needs a job
- Don't panic about cyber insurers pulling up the drawbridge, says Lloyd's
Board member and technology officer Hopkinson subsequently quit, saying he had no faith in the security setup of the 1946-founded society, specifically alleging that member passwords had not been hashed.
Fast-forward a few months to June and Mensa claimed it found "no external breach" but alleged investigators discovered "an unauthorised internal download of the database had taken place."
According to Hopkinson's solicitor's statement in open court on Tuesday, which was published on his legal team's website, Mensa "published a series of statements" about the attack, and Hopkinson contended "that the gist of the publications was that the claimant was responsible for the data leak and cyberattack."
The technology officer's solicitors, Brett Wilson LLP, released a statement confirming their client was paid libel damages after accepting an offer made by the British arm of the club for clever folk.
"British Mensa Limited and its directors have agreed to pay defamation damages and costs to former director Eugene Hopkinson after publishing a series of statements that alleged he was responsible for the data leak and cyberattack and had deliberately attempted to harm Mensa and its membership."
The statement read out in court by Hopkinson's solicitors [PDF] accepting the settlement states that the allegations against Hopkinson were "entirely false" and caused him "reputational damage within and beyond the extensive Mensa membership", as well as "considerable embarrassment and distress."
A spokesperson at Mensa sent us a statement: "Following an unsuccessful cyber attack on the British Mensa website in January this year and some incidents involving member data, British Mensa's IT suppliers undertook an investigation.
"On the basis of the evidence currently available to us, British Mensa accepts that there is insufficient evidence to reach the criminal standard of proof that Mr Hopkinson was responsible for either the cyber attack or the subsequent data disclosure.
"Legal action between Mr Hopkinson and British Mensa Ltd has now been resolved and we will be making no further comment." ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Immigration and Nationality Act of 1965
- Palo Alto Networks
- Telecommunications Act of 1996