Date: Nov 2017

Location: United Kingdom

Summary

A breach at the Royal National Institute for the Blind's web store compromised customer payment details, potentially affecting hundreds of shoppers. Reports indicated that fraudulent transactions followed the incident, and police launched an investigation. The charity closed the vulnerability several days after being notified; during that window, unauthorized access to payment data led to multiple fraud reports. The attack targeted an online platform selling specialized products for visually impaired individuals, and dozens of affected customers reported confirmed financial fraud attempts.


Description

On or around November 24, 2017, the Royal National Institute for the Blind (RNIB) discovered a breach affecting its web store, which sold products such as large-print stationery, eyeshields, lighting, and canes. Attackers compromised the site and stole customers' card payment details during transactions. The breach impacted an estimated 817 shoppers, with 55 individuals subsequently reporting fraudulent activity involving varying amounts of money. Customers began notifying the charity about suspicious transactions, prompting internal investigations. The compromised system involved the public-facing e-commerce platform handling direct consumer payments. Police launched an investigation into the incident following multiple fraud reports linked to the stolen payment data. The RNIB, a major UK charity supporting blind and partially sighted individuals, did not publicly disclose the exact attack vector or duration of unauthorized access prior to detection.


The RNIB initiated remediation efforts upon confirming the breach on November 24 but required three days to fully secure the affected web store systems. No data encryption measures preventing card detail extraction were referenced in available reports. The incident highlighted operational challenges within charitable organizations, as a contemporaneous government report noted many lacked cybersecurity resources and awareness of evolving threats. That August 2017 report specifically identified needs for basic staff training, technical control implementation, and leveraging trustee expertise in private-sector security practices. While no ransomware or data destruction was reported, the breach directly enabled financial fraud against victims. The charity coordinated with law enforcement throughout the investigation but did not publish details about whether attackers were identified or whether stolen data appeared on dark web markets.
