Hackers have stolen the personal details of nearly 8,000 visitors to Oxford University’s Ashmolean Museum, but the museum is telling people not to worry, reports the Guardian.
The Ashmolean has sent an email to those 7,757 people whose names, addresses, email addresses, and date and time of visit had been accessed by a hacker who attacked the institution’s website. In an email to those affected, after apologizing, the institution assured everyone that no financial information was compromised, so there is only a “small risk” of identity theft. More likely, they can look forward to “some unwanted marketing communications, whether by email, post or telephone.”
According to Graham Cluley, an online security expert, this somewhat downplays the potential issues that could arise. “It’s easy to imagine how scammers could use the telephone contact details and information about when people have visited the museum to trick the unwary into believing that it is the museum contacting them. This would be a pretty convincing ruse, and could lead to innocent members of the public being stung for donations,” he told the Guardian.
Cluley also raises the possibility of phishing emails that could infect computers with malware. Such cyber attacks are common, but are usually blocked.
This time around, the hackers were more successful. “We are strengthening our web protection to ensure that this type of incident does not happen again,” the museum’s email promised.