Data breach notice

Due to a system upgrade initiated by the manufacturer of our membership database and website, Advanced Systems International (ASi), some contact information of users of our website (both members and non-members of ACHSM) was temporarily accessible via a search field in the system on the ACHSM website.

ASi deployed an update to their system, which we believe adjusted the security setting within our system. This resulted in our users' contact data becoming suddenly visible when entering a search term in the search field on our public website. For example if you entered the name John Smith, the search results could potentially give you access to the contact details of anyone with that name on our database.

How much data was publicly displayed also depends on how much data a user had entered in our system when creating or updating their record. Some people only enter an email address, while others include phone and address details so the level of detail can vary between user records.

We estimate that the breach occurred on 24 Jun 2018. We discovered it on 16 Aug 2018.

As soon as we were made aware of the issue, we contacted ASi to request that the issue be rectified urgently. This was resolved within a few hours. We are now conducting weekly checks to ensure that this does not reoccur.

As we believe this issue was caused by a system update deployed by ASi, we have asked the hosting service to ensure they let us know when a new update is being run. We are also running our own checks after each update to ensure our data is safe.

Recommendation

ACHSM recommends that our users be alert of unsolicited emails and phone calls and not respond to those if they do not seem legitimate.