An elite club in the United Kingdom has announced a data security incident where someone stole data pertaining to 5,000 of its members.
The theft occurred when someone stole a backup computer drive for the Oxford and Cambridge Club out of a locked room inside the organization’s headquarters in London. That drive contained the personal information of 100 staff members and 5,000 members including their names, email addresses, phone numbers, dates of birth, photographs, and some bank details. Payment card details were not among the stolen data.
Queen Elizabeth II’s husband, Prince Phillip, and her son, Prince Charles, were not among those exposed by the theft. Both gentlemen are honorary members of the traditional London Club.
Following discovery of the incident in early November, the Club’s secretary Alistair Telfer wrote to all affected members about the potential risks confronting them. As quoted by The Hindu:
We have been advised that we should write to confirm that there may have been a data breach at the Club which could possibly result in disclosure of your personal data held on the Club computer system. This situation has arisen as a result of the theft of a storage disk, and not as a breach of the cybersecurity system, and although the data contained on the disk is protected by multiple layers of security and heavy password protection, we have been advised by data specialists that there is a very remote chance that information could be obtained.
He went on to say that management has apologized for any inconvenience caused by the incident.
Currently, the Club is working with Scotland Yard and private investigators to determine how the theft occurred. They’re studying CCTV surveillance footage as part of that investigation.
In the meantime, similar organizations should use news of this incident to shore up the security of their own systems. They can do so by implementing some if not all of the Center for Internet Security’s (CIS) Critical Security Controls (CSC). These measures include asset discovery, security configuration management (SCM), and vulnerability management.
To learn how these foundational security controls can help protect your organization, click here.