Dear CALM Supporters
Unfortunately the CALM website was recently hacked and the site defaced. We became aware of this attack to www.thecalmzone.net on July 24th 2015.
We have notified the ICO (Information Commissioners Office), the relevant law enforcement agency and resolved the vulnerability on our website. We are also working with cyber security experts, forensic examiners and legal counsel to ensure everything is being done to minimise the damage caused by this attack.
Why were we attacked?
Our investigation show us that this hack was opportunistic as opposed to targeted, by hackers who are known for random attacks on companies which appear to be destructive for the sake of it. As a precautionary measure we are monitoring the Internet for any references to this incident.
What Data Was Accessed?
Based on our investigations we believe the following information could potentially have been unlawfully accessed:
- Personal data such as name, user name, email addresses & passwords and data which you entered when registering to join the campaign on the website.
- Information provided to us via our online ‘Contact Us’ form and the ‘Upload a Story’ feature, which may include email address, real name, phone number, address and contextual content, if provided by you.
Information which cannot have been accessed, either because we don’t hold this, or this information is held elsewhere:-
- Any data relating to helpline calls, texts or webchats.
- Information sent to us via e-mail or over the phone
- Any financial information.
Our advice to you
The security of your personal information and your online safety is paramount. To remain protected from any consequent acts of cybercrime we strongly advise you to:-
Change your password on our website immediately. Also, it is not uncommon for people to use one passwords on multiple sites. Please take a moment and consider changing the passwords on your websites you visit most. Where possible use a password manager to create strong passwords and manage access to all the sites you visit.
Remain vigilant online and be aware of any suspicious emails you receive. These may include emails asking you to update or change your password. Please forward them to firstname.lastname@example.org and discard them immediately.
Please note: We have sent a single email to affected users about this incident. All future updates in regards to this security breach can be found on on this page. Any subsequent e-mails received about this security incident following the initial one sent by CALM should be treated as suspicious.
We apologise wholeheartedly for this breach of security, but be assured that we are doing everything in our power to ensure that the damage is mitigated and that this doesn’t happen again. We hope that you continue to support CALM, visit our website and make our campaign the vibrant and empowering organisation that it is.