One of the servers on which the JiM Foundation collected data needed for its daily work was infected by a virus. There were the foundation's internal documents: procedures, operations strategies and financial data. Among the encrypted files were also personal data of employees, trainees and donors, sub-account holders. As these unauthorized external activities may have compromised the security of the personal data contained on the server, we have informed the Office for Personal Data Protection of everything, and those whose data was on the server will also receive detailed information about this by email.
At this point we have no certain information that any data was copied. There is also no reason to believe that the attack was aimed at harming people whose data was in the locked files. What is certain is that it was a demand for money to unblock access. Despite the lack of confirmation that the data may have been leaked, we feel it is our duty to inform everyone concerned about the whole matter.
We emphasize that the work of the foundation has not been disrupted. We have a copy of most of the data stored on the infected server, which is located on another IT resource. In addition, independent experts analyzed our IT system in detail, recommended supplementing and extending the current safeguards, which we promptly implemented. The new system as recommended by the experts is being implemented and optimized to avoid similar situations in the future.
Attacks by online criminals are aimed at obtaining financial benefits from the companies and organizations they attack. The JiM Foundation did not agree with this. We recovered some of the data, and informed the prosecutor's office about the blackmail attempt. We immediately began working with external experts to equip the Foundation with even stronger security systems.
If you are interested in more information about the case, please contact us by email at iod@jim.org