Data breach – DIMS

On 1 July, BCA became aware that some data collected during processing of Direct Individual Membership fees via Paypal could be found by searching for a member’s name on Google.

The information that was accessible included name, postal address and email address – no passwords or bank details.

The source document was removed within an hour and Google’s cache was cleared within a day.

The main risk is that the data could be used for phishing, that is, impersonating a trusted organisation in order to obtain more sensitive information, so people who might be affected should be alert to that possibility.

The email below has been sent to all the email addresses on the list that was exposed:

The system where the data was accessed will be decommissioned once the new membership arrangements using JustGo are in place, which is imminent.

Leave a Reply

Your email address will not be published. Required fields are marked *

We use necessary cookies to make our site work. We’d also like to set optional cookies for more advanced features, but we won’t unless you enable them. Our cookies collect information in a way that does not directly identify anyone. For more information please see our Privacy Policy. You can change your mind using the “Cookie Choices” link in the footer.