The Stafford Railway Building Society has recently been the subject of potential cyber activity. The Society has launched a thorough investigation, but can confirm that this affected our email system, rather than our system which deals with members’ savings and mortgages. No savings accounts with the Society have been accessed.
The targeted attack has meant that some emails sent to our system, some of which included some personal information of our members, were unlawfully accessed by an unknown and unauthorised third party. Access was disabled as soon as it was detected.
We have written to all affected members. If you have been affected you will shortly receive an individual letter stating exactly which of your details have been accessed. Although we are not aware that any attempt has been made to misuse your information, we have made arrangements with credit experts Experian to offer you advice and support. The letter provides full information on how to access their services and a telephone number for their dedicated helpline.
The unauthorised access was detected and disabled by the Society’s staff and IT support, and has been reported to all relevant authorities including the Police and the Information Commissioner’s Office. We continue to work with all parties to investigate the incident and identify those responsible.
Please refer to your letter for helpline telephone numbers and further guidance. The Questions and Answers provided with your letter are also here on the website. If members have any further concerns then they should contact our member service team on 01785 413261 who will be able to provide assistance.
Questions and Answers
|What information has been accessed?||Some personal information of members has been accessed. We have written to members individually to inform them of the exact detail of this information and to provide them with advice and support to ensure the security of their information.|
|How did this occur?||Despite all the security measures that the Society has in place, an unauthorised third party accessed an information system which resulted in some personal information of our members being accessed. Access was disabled as soon as it was detected.|
|When did this occur||For a period during February and the early part of March. Once we had detected and disabled the unauthorised access, we thoroughly reviewed our system to identify who had been affected. As soon as we had established this, we made arrangements to inform members individually and to provide help to members.|
|Are my savings with the Society safe?||Yes. The system that contains members’ savings and mortgage accounts was not accessed, nor was any bank account held by the Society. In addition, it is not possible for anyone to remove funds from a savings account using personal details alone; no withdrawals are possible without the saver’s Society passbook.|
|How will this affect me?||If you have savings with us, they are still safe as no withdrawals are possible without your Society passbook. Also it has no impact on the mortgages of our borrowing members. We are not aware that the personal details accessed have been misused, but there may be a risk of this information being used for the purpose of Identity theft or to impersonate you to obtain unauthorised credit or services.|
|What is the Society doing about this?||We have made arrangements with Experian to offer members guidance and support in protecting their personal information and preventing it from being misused. You can contact the Customer Support Centre at Experian, who are acting on the Society’s behalf. Contact details can be found below.
We are also offering members a complimentary 12 month membership to Experian ProtectMyID. This online service helps detect possible misuse of your personal data and provides you with identity monitoring support, focussed on the identification and resolution of identity theft. Full details are given in the individual letters sent to those affected.
The Society is carrying out a thorough investigation of what has happened in conjunction with its IT suppliers and advisers. It has already taken steps to prevent the unauthorised access and put new security measures in place. We are working closely with industry regulators and providing full information to the authorities in order to assist them in identifying those responsible, and whether any misuse of data has occurred.
|Doesn’t the Society have security to prevent this from happening?||Yes we do, but no IT system is 100% secure. The security measures we have in place allowed us to detect and stop access as soon as we discovered it. The Society has already taken steps to stop the unauthorised access and put new security measures in place.|
|Who are Experian and why should I contact them?||Experian are industry leaders in dealing with the prevention of financial crime. We have asked them to work in partnership with us because we consider they can provide the best possible help to our members.
Even if you do not use the internet, you can call Experian on the number provided for guidance.
|Are there any other sources of help and support?||If you are concerned about any effect on your other bank accounts you can seek advice from:
The Police: Action Fraud at www.actionfraud.police.uk, or call 0300 123 2040
The Financial Conduct Authority: www.fca.org.uk or call 0800 111 6768
The Information Commissioner’s Office: www.ico.org.uk or call 0303 123 1113
If you received an unsolicited call, e-mail or text asking for personal information you should contact the Police: Action Fraud (details as above.)
|How can I complain if I am dissatisfied with your service?||If you would like to contact us because you are not happy with our products or service, you can visit us at the branch, 4 Market Square, Stafford, ST16 2JH, or email us at firstname.lastname@example.org, or call on 01785 223212. Our full complaints procedure can be found on our website at www.srbs.co.uk.|