On the evening of Saturday 12th November, an unauthorised person gained access to our candidate management system via an administrator’s account. They blocked access to the system, replacing the homepage so that no one could log in and sent an email to our ‘All candidates’ list titled ‘New Site’ which contained a malicious link to a suspicious website.
Thanks to some swift reporting of the email by candidates and providers, Mountain Training and TahDah were notified and able to take action. The system was back up and running within a few hours and the email was stopped from sending. The email was sent to 4,504 candidates from a possible list that is much larger.
On Sunday 13th November everyone who received the unauthorised email was sent an email from Neil Rylance, TahDah CEO, with details about how to check their devices for malware in case they had clicked on the link in the email.
- If you did not see the email between 20:05 and 21:15 on Saturday then there is nothing to worry about. (Just delete the email)
- If you only opened the email and DID NOT click the link then there is nothing to worry about. (Just delete the email)
- If you did click the link between 20:05 and 21:15 on Saturday and you do not have an up-to-date virus checker installed on your machine then it is highly recommended that you follow the following steps :
- Download MalwareBytes for free at https://www.malwarebytes.com/
- Run the software across your machine to check for malware and remove any that it finds.
The malicious link itself has since been redirected to a safe page.
System security for administrators has been increased and we are working closely with TahDah, North Wales Police, the Information Commissioner’s Office (ICO) and Action Fraud to investigate further. As and when more details become available we will update this news article. We are certain that no password or card details have been accessed as passwords are encrypted and the system does not store full card details; these are handled by a separate payment gateway. We would like to apologise for any inconvenience this incident has caused and as a matter of course, suggest that all candidates change their passwords regularly and make sure their electronic devices are using up to date anti-virus software.
The system is fully operational and candidates should continue using the system as normal; registering for schemes, enquiring about courses and logging their activities in DLOG.
We appreciate the help and support we have already received and been offered by candidates and providers. Our attention is currently focused on further investigation and continuing with business as usual.