The transgender charity Mermaids became aware of a data breach relating to an internal email group.
It was found that the group was created with insufficiently secure settings, leading to approximately 780 pages of confidential emails being viewable online for nearly three years.
The compromised information includes personal information, such as names and email addresses, of 550 people, which was searchable online.
The personal data of 24 of those people was sensitive, as it revealed how the person was coping and feeling.
A further 15 were classified as unique category data, as mental and physical health and sexual orientation were exposed.
Mermaids has significantly improved its data protection processes since learning about the security compromise, and is fully cooperating with the ICO investigation.
TPRM report: https://scoringcyber.rankiteo.com/company/mermaids-uk
{
  "id": "mer163711223",
  "linkid": "mermaids-uk",
  "type": "Breach",
  "date": "07/2021",
  "severity": "60",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'customers_affected': 550,
                        'industry': 'Charity',
                        'name': 'Mermaids',
                        'type': 'Non-Profit Organization'}],
 'attack_vector': 'Improper Security Settings',
 'data_breach': {'file_types_exposed': ['Emails'],
                 'number_of_records_exposed': 550,
                 'personally_identifiable_information': ['Names',
                                                         'Email Addresses'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Sensitive Personal Information',
                                              'Unique Category Data']},
 'description': 'A data breach at the transgender charity Mermaids exposed '
                'approximately 780 pages of confidential emails due to '
                'insufficiently secure settings in an internal email group.',
 'impact': {'data_compromised': ['Names',
                                 'Email Addresses',
                                 'Sensitive Personal Information',
                                 'Unique Category Data'],
            'systems_affected': ['Internal Email Group']},
 'investigation_status': 'Cooperating with ICO investigation',
 'lessons_learned': 'The importance of secure settings in internal '
                    'communication tools.',
 'post_incident_analysis': {'corrective_actions': 'Improved data protection '
                                                  'processes.',
                            'root_causes': 'Insufficiently secure settings in '
                                           'the internal email group.'},
 'recommendations': 'Regularly review and update security settings for all '
                    'communication platforms.',
 'response': {'remediation_measures': ['Improved Data Protection Processes']},
 'title': 'Mermaids Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Insufficiently Secure Settings'}