The British Dental Association (BDA) has suffered a data breach causing fears that the bank account numbers of a number of UK dentists have been stolen.
The BBC has reported that the professional association emailed its membership to warn them of the breach, telling them it is currently unsure what information has been accessed. The BDA also urged them to be vigilant about any correspondence purporting to be from a bank.
The BBC stated that while the organization does not store its members’ card details, it does hold their account numbers and sort codes in order to collect direct-debit payments.
In the email to members, the BDA reportedly referred to “logs of correspondence and notes of cases” as being among the data it has assumed stolen; this suggests that hackers may also have access to sensitive patient information.
BDA chief executive Martin Woodrow added in the email memo: “Owing to the sophistication of these criminals, we cannot, as yet, confirm the full extent of information that has been accessed.
“We are devastated and apologise unreservedly for this breach.”
The BDAs website is currently offline due to the “sophisticated cyber-attack,” with the company stating that “our IT experts have been working to rebuild our systems since the incident occurred and this is progressing well.”
Commenting on the incident, Jake Moore, cybersecurity specialist at ESET, said: “It doesn’t seem a week goes by without it being necessary to remind people to be vigilant against this recent influx of hacks. However, it remains more important than ever to be cautious.
“It appears a large spread of personal data has been taken, so it is essential to remain on the lookout for any communication requesting further details which may add pieces to the identity theft jigsaw.
“Although the BDA has been magnanimous in making those affected aware of the breach quickly and reporting themselves to the ICO, the problems are far from over.”
Chris Harris, technical director, EMEA at Thales, added: “While being hacked itself is a worry in the first place, it’s concerning that it’s still unclear what information was taken.
“For any business’ security strategy to be successful, protecting their sensitive data through implementing methods like encryption and multi-factor authentication must be at the heart of it. With this in place, companies can rest safe in the knowledge that even if data is taken, it can’t be accessed – protecting them and their customers from further damage down the line through aspects like phishing attacks.”
Just this week it was revealed that hackers published customer data stolen from Havenly on the dark web.