HMR targeted by cyber criminals
Dear HMR Volunteers
On Saturday 14 March 2020, HMR was subjected to a targeted and sophisticated attack by cyber criminals. We took immediate action to stop the attack, but not before the attackers had stolen copies of some of our files. A criminal group called Maze has claimed responsibility. We reported the crime to both the Police and the UK Information Commissioner’s Office (ICO) and are working with them.
We’re sorry to report that, during 21–23 March 2020, the criminals published on their website records from some of our volunteers’ screening visits. The website is not visible on the public web, and those records have since been taken down. The records were from some of our volunteers with surnames beginning with D, G, I or J. The records were scanned copies of documents and results we collected at screening, including name, date of birth, identity documents (scanned passport, National Insurance card, driving licence and/or visa documents, and the photograph we took at the screening visit), plus health questionnaires, consent forms, information from GPs, and some test results (including, in a few cases only, positive tests for HIV, hepatitis, and drugs of abuse).
Even if your records weren’t among those that were published, the criminals might have stolen copies of them. There’s a risk that your identity documents could be used by criminals to commit fraud (such as taking out a loan in your name), so we recommend that you inform your bank about the attack on HMR, ask their advice, and look out for suspicious activity in your account. Many of the ID documents we have on file have expired, but if you believe you provided to HMR IDs that are still valid, report these documents as being compromised to the organisation that issued them.
Consider contacting CIFAS (the UK’s Fraud Prevention Service) to apply for protective registration. Once you’ve registered, you should be aware that CIFAS members will do extra checks to see when anyone, including you, applies for a financial service, such as a loan, using your address.
CIFAS – The UK’s Fraud Prevention Service
7 – 12 Tavistock Square
You can also get more advice at:
Also, be aware that any suspicious calls or emails claiming to be from HMR might not be genuine, particularly emails asking you to click on a link (consider searching for it in your browser).
If you want to know more about the documents that were published, or if you have any other questions or concerns, please reply to this email (DataProtection@hmrlondon.com) or, if you are Japanese and want to write to us in Japanese, email Japanese.DataProtection@hmrlondon.com, and we’ll get back to you as soon as we can.
We’re taking this incident very seriously. We’re working closely with law enforcement agencies and continue to enhance the systems we use to protect our data.