The Business Continuity Institute has informed its members that the Institute became aware on the 5th July that its systems had been breached by a targeted cyber attack.
According to the BCI:
“An attacker compromised account credentials and ultimately gained access to a single BCI email account. On discovering unauthorized access to the email account, we initiated our standard incident response process. We engaged outside specialists to assure ourselves, clients, and other stakeholders that the review was thorough and objective.”
The email vectored incident resulted in a small number of emails sent to the BCI’s Accounts Department being automatically forwarded to another account outside the BCI. Some of these emails included bank account numbers and sort code numbers.
The BCI is warning members and corporate partners to monitor bank accounts and emails for any unusual activity over the coming weeks and to double check to ensure that any payment requests from anyone are valid.