The British and Foreign Bible Society has said that no supporter donations will be used to pay a £100,000 fine it was issued by the Information Commissioner’s Office (ICO) after cyber hackers gained access to more than 400,000 supporters’ personal data.
The charity said it will use funds generated in other ways, including sales and investments, to pay the penalty, which comes to £80,000 following a 20 per cent discount.
Between November and December 2016, the intruders exploited a weakness in the Swindon-based charity’s network to access the personal data of 417,000 of its supporters.
For the financial year ending 31 March 2017 the charity had an income of £19.5m, with £11.8m coming from donations and legacies. Charitable activities accounted for £6.6m of the charity's income and investments for £720,000.
'We took the breach very seriously'
The charity said it had overlooked a vulnerability in a single service account, which was compromised by the cyber-attack, but said the breach did not affect the charity’s website or associated online accounts.
However, a spokesman for the charity said it had taken the significance of the data protection breach “very seriously”.
He said: “Following the hack, we immediately contacted any supporters whose data might have been at risk, giving support and advice on what to do next. We have also worked closely with the ICO over the last 16 months and cooperated fully with them in their enquiry.
“No supporters reported that their accounts had been breached and there is no evidence of any material effect on supporters.
“Furthermore, feedback from Bible Society supporters in response to our efforts to notify and advise supporters of the breach has been very positive and supportive.
“We remain vigilant regarding cyber security threats and have taken all possible steps to ensure that the risk of a future breach is minimised.”