Cyber Incident Victim: Chartered Institute for Securities and Investments

In April 2020, the Chartered Institute for Securities and Investments (CISI) experienced a security breach affecting its members' financial data. The professional body confirmed that malicious code had been inserted into its website, potentially compromising payment information of members who conducted transactions through the platform. The incident came to light after multiple members reported unauthorized fraudulent activity on their credit or debit cards following legitimate payment interactions with CISI's online systems. While the exact timeline of the code injection remains unspecified, the breach detection occurred through member complaints rather than internal monitoring systems. CISI did not disclose the specific duration during which the malicious code operated on its website prior to discovery.

The breach directly exposed sensitive financial information, leaving affected members vulnerable to fraudulent transactions. CISI initiated an investigation upon learning of the suspicious card activities but did not publicly disclose technical details about the attack vector, scope of compromised data, or number of impacted individuals. No information was provided regarding containment measures taken to remove the malicious code or secure the website. The incident highlighted vulnerabilities in CISI's payment processing systems, though the organization did not specify whether third-party vendors were involved. Members faced tangible financial risks from the exposure of their payment card details to unauthorized actors.