Cyber attack on CISI web server April 2020

On, or around, 14th February 2020, an unknown third party successfully exploited a vulnerability in part of the commercial software we use to manage our website. The cyber attackers were able to install malicious code inside the software itself which, when triggered by an individual making a payment using a credit or debit card, sent information back to the intruder’s server in Russia. This affected people making on-line payments on our website until 16 April 2020, which is when we became aware of the cyber-attack and took action.

The data taken included payment card details, expiry date and CVV number, along with first name, last name, home address, postcode, and the primary telephone number and email address which was entered on the payment screen. Fortunately no passwords were taken.

We understand that data was taken from just over 5,000 people with fraudulent activity likely to have been attempted on around 700 cards.

Payments taken by telephone during this period were unaffected by this incident. All of our qualifications and exams are on a separate system and are completely unaffected.

When did we know and what did we do?
We became aware that it was likely we had been attacked when, after receiving one or two seemingly isolated notifications, we then heard from a firm that a considerable number of their staff’s cards had been subjected to attempted unauthorised transactions following those staff using their cards on our website.

Within 24 hours of receiving this notification, we made calls to others who had paid for CISI services with their cards and discovered that this problem was more widespread than a single firm.

We then promptly took the following action on Thursday 16th April:

  1. Stopped all payments through the CISI website
  2. Notified the Information Commissioner’s Office (ICO) and other regulatory bodies
  3. Reported the crime to Action Fraud and the UK National Cyber Security Centre
  4. Engaged forensic cyber specialists from KPMG to undertake a comprehensive investigation, in order to advise on cause and remediation
  5. Communicated with those affected to make them aware of the cyber-attack and provide advice on how they should respond to their data being compromised.

How we are preventing future attacks
We treat everyone’s data with great care and are very disappointed that it was stolen whilst it was with us and in order to reduce the likelihood of a repeat attack, we have implemented the recommendations of our cyber specialists to remove the malicious code from our webserver, installed additional security measures on the impacted webserver and will replace that webserver with a newly built alternative.

We are confident that we have remedied the vulnerability which caused this attack and we have improved our overall web security.

How we will help you
I realise that, although over 85% of the people we contacted are unlikely to have seen fraudulent activity on their card, it is nevertheless a worry if people are concerned that some of their personal data has been compromised.

So we have taken great care to look after those directly affected, including measures to reduce the future risk to their personal identity and credit history. It is important to us that no one incurs any financial loss because of this incident.

These measures have been offered to those who are directly affected:
  • Offering to reimburse any immediate expenses incurred in relation to the notification of the theft relating to replacing payment cards.
  • If, after contacting their card company they have not been able to come to an arrangement with the card issuer, then we will be pleased to consider compensating them for their financial loss.
  • We have arranged with a leading credit and ID monitoring agency, Experian, for those who were affected or to whom we wrote advising them that they were potentially affected, and are based in the UK, or in countries that Experian covers, to have the option of a complementary year’s subscription to their service.
I appreciate that this is news comes at a troubling time, especially as we are all in the middle of the Covid-19 pandemic and I am very sorry if this has added to your concern.

If you have any further questions or concerns please don’t hesitate to contact us on or call us on +44 (0)20 7645 0777.

Yours sincerely

Simon Culhane, Chartered FCSI
Chief Executive