On the morning of 20th November 2023, we were made aware that our Facebook page was displaying unusual content with links to third-party websites. Upon investigation, it became clear that our Facebook page’s name has changed and all volunteers who previously had administrative access to the page have been removed and the page is no longer in control of the Group.
We are aware that most of the visitors to our page use it to keep up-to-date with what’s happening in the Group, in particular, to look at pictures of activities that have been going on in each of our eight sections. However, in some cases, visitors to that page sometimes message us via Facebook Messenger to enquire about joining the Group and in those messages, personal information such as children’s names, dates of birth, home addresses and other information is sometimes shared with us. In this instance, you should be aware that we are currently treating this information as compromised by an unknown third party.
We believe that whoever is behind the incident is not looking to use data that may be available and is instead looking to get more clicks to their own website.
The Group is not selling t-shirts (or any other goods) via a third-party website and we cannot take any responsibility for any information or payments made to third-party websites.
What can I do if I think my data is stolen?
If you haven’t provided any personal information via Facebook Messenger to the Group’s Facebook page, you are not affected by the incident.
If you have previously sent personal information via Facebook Messenger to the Group’s page then you should consider this information compromised. We don’t store information on where enquiries have come from, so we’re not able to contact those people directly affected. If you believe you are impacted by this incident, please check out this information from the National Cyber Security Centre.
What have we done?
- We have reported the page as compromised by Facebook and will work through the necessary steps to regain control of our Facebook page.
- As we’re not able to determine the people who may have data compromised, we have written to all parents/guardians/volunteers within the Group to advise that some data that was sent via Messenger may be compromised and provided guidance on what to do if they’re unsure.
- We have conducted a self-assessment on the impact of the breach and don’t believe it currently meets the threshold needed to report it to the ICO, however, we will continue to regularly review the incident.
Contact us via firstname.lastname@example.org
Guidance for individuals and families
We have no way of knowing who is impacted by this incident or how any compromised data may be used, if at all.
If you are concerned, please follow the guidance from the National Cyber Security Centre on how to protect yourself from the impact of data breaches.