Merging with Breast Cancer Care in 2019, Breast Cancer Now is the UK’s largest breast cancer research charity. It focuses on making a world where everyone who develops breast cancer will live, and live well, a reality by 2050. To this end, the organisation is funding almost £25 million worth of cutting-edge research and directly supporting nearly 380 scientists.
The organisation collects a variety of donations through gifts, fundraising, corporate partnerships, special events and more.
Dealing with the reputational risk of data breaches
Given that Breast Cancer Now handles the personal and financial details of thousands of donors, data protection is a huge priority for the organisation. A data breach is a reputational risk that could have a significant negative impact on the charity’s future fundraising activities and its ability to deliver on its goals.
Because of this risk, the IT team needed to increase its ability to detect if and when a breach had occurred. During the team’s planning for complying with the General Data Protection Regulation (GDPR), it was decided to deploy a mechanism that would notify the team if any of the organisation’s data was breached.
As Brigid Macdonald, IT manager at Breast Cancer Now, explains: “We wanted to go into GDPR with our eyes wide open. It quickly became apparent that the ability to detect if we had been breached was a key capability. We needed to be able to react more quickly in the event of a breach and keep our donors’ data safe.”
The organisation then considered RepKnight’s BreachAlertTM platform, which proactively monitors the open, deep and dark web for data belonging to the organisation — alerting the IT team if data appears anywhere it shouldn’t, indicating a breach.
This real-time monitoring capability exactly matched Breast Cancer Now’s requirements and desire for peace of mind when it came to data protection. As a result, the organisation went ahead with implementing BreachAlertTM.
Minimal training, maximum security
Breast Cancer Now went live with BreachAlertTM in May 2018. The platform was integrated into the organisation’s IT and data teams under the GDPR directive and was immediately supported by the GDPR direction board following recommendations to address the breach identification and notification process.
As Breast Cancer Now’s primary breach detection solution, BreachAlertTM searches for the charity’s domain information appearing on the open, deep and Dark Web — including legacy companies, email addresses, IP address ranges and keywords.
“We have found implementing BreachAlertTM a seamless process from start to finish,” adds Macdonald. “The platform, itself, is quick to set up and very intuitive, making it easy to create notifications and search its historical database. The analysts and support team are always on hand to assist with any questions we may have.”
The results of BreachAlertTM were almost instantaneous for Breast Cancer Now. Before going live with the solution, the charity had been notified of an unauthorised sign in to its systems by Office365. However, during the proof of concept phase, BreachAlertTMidentified a Dark Web post that was the source of the password credentials used in the unauthorised login.
As Macdonald says: “If BreachAlertTM had been in place prior to this threat, we could have put relevant measures in place internally, mitigated the threat and ultimately prevented the unauthorised login before it happened.”