Cyber Incident Victim: Wellcome Trust
Date: Dec 2018
Location: United Kingdom
Summary
Fraudsters conducted phishing attacks against senior executives at a major UK medical research charity, deceiving them into providing passwords via malicious links, which granted unauthorized access to sensitive email accounts for several months. The breach was discovered during an internal investigation, prompting immediate forensic analysis and law enforcement involvement; while no financial losses were confirmed, the incident exposed confidential data and remained under active police inquiry.
Description
In August 2018, the Wellcome Trust discovered unauthorized access to the email accounts of four senior executives following two successful phishing attacks. The London-based charity, which manages £26 billion in assets and distributed £723 million for scientific research in the prior year, disclosed the incidents in its annual report. Fraudsters had deceived senior management personnel into entering their passwords after sending them malicious links, granting attackers prolonged access to sensitive information over several months. Upon detecting the breach, the organization immediately initiated a forensic investigation to assess the compromise. The charity contacted law enforcement, with a police investigation remaining active at the time of the report. Forensic analysis confirmed no financial losses occurred as a direct result of the intrusion, though the scope of accessed communications remained under review.

The phishing campaigns specifically targeted high-level staff members, indicating deliberate reconnaissance of organizational hierarchy. Attackers maintained persistent access to executive email systems prior to the August discovery, though the exact start date of the compromise was not specified in public disclosures. Wellcome Trust's response focused on containment through credential resets and system audits while cooperating with authorities. No evidence suggested operational disruption to the charity’s grant-making functions or financial systems. The incident highlighted vulnerabilities in executive account security despite the organization’s robust cybersecurity posture as a major institutional investor. Ongoing police involvement reflected concerns about potential data misuse, though no fraudulent transactions or fund diversions were identified during the initial forensic examination.
