We previously wrote to you in April to notify you of a potential data breach relating to the Neighbourhood Watch scheme management tools. With the support of external IT security specialists, further investigations into the incident have continued in the weeks since and we are now in a position to provide you with an update as promised.

 

What is the scope of the breach?

Based on our own investigation, alongside subsequent analysis by external IT security consultants, and investigation by Hertfordshire Constabulary’s digital forensics team, we can now confirm that the incident was not a data mining attempt on the system to gain access to member data for malicious or fraudulent purposes. 

Whilst we fully acknowledge and apologise unreservedly for the fact that an anomaly did exist within the system, we are confident that the incident occurred due to a small number of individuals attempting to cause commercial and reputational damage to our business. 

 

What was the result of the regulators consideration?

We reported the data breach to the ICO within 72 hours of becoming aware of the incident and we have since received a response stating that they have completed their consideration of this matter, and no further action is required. The recommendations included in their response have already been implemented and we will be submitting an update to them to confirm this.

 

Are investigations ongoing?

The technical investigation into this incident is complete, and we swiftly fixed the technical anomaly in our system. Following our reporting of the incident to Action Fraud, Hertfordshire Constabulary have claimed the case and their investigation into the individuals concerned is ongoing. 

 

What additional measures have been taken?

Upon discovering this anomaly, we immediately commissioned a full penetration test on the system by third-party IT security experts. This test returned the very positive results we expected, showing that our systems are secure, with no further action required. System security continues to be of paramount importance, and we will continue to do whatever is necessary to exceed the required national standards.

Once again, we sincerely apologise for any stress or concern this incident may have caused you. Please do not hesitate to reply to this message if you have any further questions and thank you for remaining as a valued member.