The Association of Chairs (AoC) is trying to reclaim its website domain from cyberattackers after falling victim to a recent attack.
AoC said that the cyberattack happened on 23 May, which caused the organisation to lose access to its website domain and all the email addresses associated with it.
The organisation’s new website domain is associationofchairs.co.uk and its internal email addresses have also been changed to end with .co.uk rather than .org.uk, such as [email protected].
AoC stated that there was no evidence that any personal data had been accessed or compromised, and its members’ login details are securely held by its software company partner, sheepCRM.
It advised that charity members can log in to access their resources as usual via the SheepApp or by using the members’ area button on AoC’s new website.
Old domain up for sale
AoC chair Joe Saxton told Civil Society that initially, the organisation did not know what the hackers wanted from the organisation.
Saxton said: “We didn't know whether they were after our data. We didn't know whether they were trying to use it to get money from our payment system.”
However, AoC chief executive Liz Lowther said the organisation took steps to ensure its systems were safe within minutes of the attack.
“We informed members and supporters on multiple channels not to reply to any emails or requests coming from the old domain, or to use our website until further notice,” she said.
“Association of Chairs staff and suppliers worked on this throughout the bank holiday weekend.”
AoC’s old domain currently states that the website is up for sale at auction.
However, AoC stated that it is expecting to regain access to its old domain in the coming days and will be in talks with Nominet, the company that operates the UK’s national domain name registry.
Saxton said: “We want to find out how the hosting company could let that happen without us giving any permission to have our domain name moved away.
“The ridiculous thing is that we are not a domain name that's valuable.
“It's not like we have a domain that you could use for anything other than who we are. But I imagine these are people who are doing it with hundreds of organisations the whole time.”
‘Back to business as usual’
Days after the cyberattack, AoC thanked people for their support in a LinkedIn post.
“We are particularly grateful to our trusted IT suppliers, Ave, sheepCRM, and Transpeed Ltd,” it said.
“Their senior teams remained available over a bank holiday weekend, offering us practical help and personal kindness. Their professional guidance and reassurance made a huge difference to our ability to resolve website issues quickly.
“Choosing to work with reliable and security-focused partners has hugely limited the harm of this attack.
“In time we will share learnings from this experience in the hope of supporting others. For now, we hope you can support our journey back to business as usual.”
AoC would not have received any emails from anyone who had emailed them using the .org.uk email address since 4 pm on Friday, 23 May.
Related articles