Cyber Incident Victim: Christians Against Poverty

In late July 2016, unidentified hackers breached the computer systems of UK debt relief charity Christians Against Poverty (CAP). The intrusion compromised some but not all of the charity's systems, exposing personal details of supporters and clients—both current and former. The compromised data included names, addresses, email addresses, phone numbers, and sensitive banking information such as account numbers and sort codes. CAP detected suspicious activity on August 1, 2016, approximately one week after the initial breach. The charity immediately engaged external IT security experts to investigate, who confirmed the incident was a sophisticated external attack despite CAP’s existing server protections. CAP publicly disclosed the breach on August 4 via an online alert and began notifying affected individuals through direct communications, including email notices sent to supporters and vulnerable families the charity assisted with debt management.

The breach raised concerns about potential phishing risks for those whose data was exposed, though CAP did not confirm whether the compromised banking details were encrypted or clarify why it retained such sensitive information. The charity reported the incident to the UK Information Commissioner’s Office (ICO) and collaborated with law enforcement and cybersecurity experts to investigate the attack. In public statements, CAP emphasized taking "all possible steps" to secure its systems but provided no technical specifics about containment measures or the attackers’ methods. The organization issued FAQs to address concerns, acknowledging heightened risks while urging vigilance among affected parties. No further details regarding the scope of impacted records, financial losses, or long-term consequences were disclosed in the initial response phase.