British Mensa falls victim to cyber attack
Board not looking too clever as two directors resign over lax security
The British branch of Mensa, the society for people with high IQs, admitted last week that it has been hit by a cyber attack.
According to the FT, Mensa CEO John Stevenage informed the board that the society's website had become a victim of the cyber attack.
"There has been a series of events which appear to be designed to discredit Mensa's systems," a spokesperson told the FT.
"As a result, we have handed details of these events to the Information Commissioner's Office with a view to pursuing a criminal investigation."
The society stated that it was investigating the incident that "involved considerable resources".
The website of British Mensa is currently offline, and simply shows the message "site under maintenance" when a visitor tries to access the site.
Mensa is a club open only to those people who score in the 98th percentile or higher in a standardised IQ test. The non-profit organisation was founded nearly 75 years ago and boasts about 18,000 members from the UK alone.
According to the FT, Eugene Hopkinson, who until recently was the director and technology officer at British Mensa's board, resigned from his post last week, accusing the organisation of adopting substandard cyber security practices, potentially exposing the sensitive data of its 18,000 members.
In an open letter published last week, Hopkinson explained his reasons for quitting the board. He said that in the last two years, he has requested Mensa's senior executives many times to address security issues surrounding member passwords.
Hopkinson said that the Mensa members' passwords are not hashed or scrambled, potentially allowing attackers easy access to user accounts. He also stated that Mensa holds lots of sensitive information on its website, including users' email IDs, passwords and home addresses, IQ scores of members/failed applicants, payment card details, and instant messaging conversations.
"At this point, I have no faith that the board will take adequate action to investigate this possible data security breach," Mr Hopkinson said in his letter.
He added that also doubts that the office and the board will report the breach (if confirmed) adequately or take proper measures to prevent further harm.
Following Hopkinson's resignation, Emily Shovlar, a member of British Mensa director's board, also announced on Thursday that she was quitting the board.
Shovlar said that she had "no confidence that the Mensa administration will investigate this breach thoroughly" or will learn any lessons from this experience.