Cyber Incident Victim: Cancer Research UK

In early October 2018, cybercriminals associated with the Magecart group targeted Cancer Research UK’s online store in an attempt to steal customer payment card details. The attackers planted malicious code within the charity’s website infrastructure, specifically targeting transactions where users purchased gifts. This code was designed to copy credit card information entered by customers during checkout. Cancer Research UK identified the intrusion and immediately disabled all online services to prevent further exposure, limiting the window of compromise. The charity publicly confirmed the incident and stated that no credit card details were successfully exfiltrated or stolen during the attack. Magecart, an anonymous hacking collective linked to Russian cybercrime operations, was identified as the perpetrator. This group had previously executed similar attacks against major commercial entities, including British Airways and Ticketmaster UK.

The incident occurred within a broader campaign by Magecart targeting e-commerce platforms. Around the same period, Ticketmaster UK disclosed a breach affecting approximately 40,000 British customers, while British Airways reported a compromise impacting 380,000 users. Magecart’s operations focused on harvesting payment card data through skimming techniques, with stolen information funneled to underground marketplaces for fraudulent purchases. Cancer Research UK’s breach highlighted the expanding scope of Magecart’s activities beyond for-profit corporations to include charitable organizations. The charity’s prompt containment response involved isolating affected systems and conducting forensic reviews, though no specific technical details of the remediation were publicly disclosed. The attackers’ infrastructure was linked to known credit card fraud networks, reinforcing the financially motivated nature of the campaign.