Exclusive Egg heads at high IQ company Mensa have ruled out claims their website was hacked earlier this year, according to an email seen by The register.
Instead, the company suggested that the personal data leak – which is still under investigation by police – could be an inside job.
A number of cyber attacks in January and February left security guards scratching their heads as they tried to figure out the issue that exposed personal details of some members and led to a website snafu.
In response, Mensa launched a series of investigations by its IT contractors, which showed that there was “no external breach”. This was followed by a thorough review of the systems security and procedures.
Keeping its members up to date, Chris Leek, President of British Mensa, said in an email published last Friday and seen by us:
A Mensa spokesperson declined to elaborate or comment further as the case was under active police investigation. He had informed the Information Commissioner’s office, Action Fraud and the West Midlands Police of the incident.
Although their systems have received a certificate of good health, Mensa reports that he has implemented a series of changes to strengthen security, such as requiring all users to reset passwords and urging people to make them more difficult. to break.
Apologizing for any inconvenience or anxiety caused by the incident, Leek added, “I can reassure members that our systems are secure and that additional measures have been put in place to ‘make them sustainable’. I also want to reiterate that we do not keep credit card or payment information in the database. “
At the end of January, two British Mensa board members, Eugene Hopkinson and Emily Shovlar, told the FT they had resigned because of their concerns about the outfit’s cybersecurity practices.
Hopkinson, who until his resignation was the UK branch’s chief technology officer, alleged at the time that members’ passwords were not hashed. Another member told the newspaper that his password was emailed to him in the clear.
A Mensa spokesperson retorted at the time that the passwords “were encrypted; were never sent or stored in plain text; [and] that further work on password hashing was “in progress”.
No one from the West Midlands Police or the ICO was available to comment on the Reg at the time of writing. ®