Kin Fund Services October 2023 Cyber Attack
Frequently Asked Questions
Last reviewed: 17/11/2023
What has happened?
On 19th October we became aware that a digital storage facility used by our systems had been accessed by an unauthorised third party and the files it contained had been deleted. A ransom note was left in their place.
What data may have been affected?
The folders contained Excel files and PDF documents which included (depending on the affected individual) the following information:
- National Insurance Number (or non-UK equivalent)
- Nationality and citizenship information
- Contact email
- Contact phone
- Details of investments and holdings
- Details of a financial adviser or intermediary (if applicable)
The files did not contain bank account information.
What can I do to protect myself?
We recommend being vigilant over the coming weeks with any inbound emails to your personal email inboxes, particularly those that contain links, or calls to your personal telephone numbers.
If you are a UK resident we are offering you 12 months of free credit and web monitoring services, provided by Experian, one of the UK’s leading Credit Reference agencies.
We also advise you to visit the Action Fraud website at https://www.actionfraud.police.uk/a-z-of-fraud/identity-fraud-and-identity-theft, which provides more information about the potential risks.
What data was not affected?
We can confirm with certainty that the following data has not been accessed in this incident, which includes KYC (Know Your Customer) documentation used for Anti-Money Laundering checks:
- Passport information
- Utility Bills
- Driving Licences
- Bank statements
- Bank details
Has my data been lost?
No, we take regular back-ups of all our digital data, so the files were swiftly restored, meaning there has been no permanent data loss or operational impact on our services.
Are my investments and cash safe?
Please be assured that your investments and any cash we hold for you are secure. They are held entirely separately to this data, and we have controls in place to verify all instructions relating to your account.
How did this happen? What security measures were in place?
We have always considered the threat from cybercriminals to be very real; hacking and cybercrime are a recognised and increasing global issue, with both attacks and defences under constant development.
After a similar attack happened last year within our industry, we conducted a review of our security systems and made several changes and improvements. The controls and systems we have in place are constantly evolving. They include, but are not limited to, device encryption, multi-factor authentication (MFA), virtual private networks (VPNs), password management systems and access location restrictions. We also conduct regular cyber security reviews, and had started one shortly before this incident, and we train all our staff on cyber security risks on a regular basis.
Unfortunately, no security measures can provide complete protection and, in this instance, it appears a vulnerability we were unaware of was exploited.
What actions are being taken?
We are working with IT professionals and forensic experts to determine the cause of the incident. We have reset security keys and passwords and installed additional security measures to guard against a repeat of the incursion. In addition, we are reassessing all areas of our systems for any other potential vulnerabilities to protect individuals’ data.
Whilst this is something that we do on a regular basis, we understand that the cyber security landscape is ever evolving, with new vulnerabilities and techniques being leveraged by criminals every day.
What is the credit and monitoring service providing?
This service helps detect possible misuse of your personal data and provides you with identity monitoring support, focussed on the identification and resolution of identity theft.
Once your membership is activated, you will have access to the following features:
- Unlimited access to your Experian Fraud Report.
- Credit Alerting – an email or SMS to let you know when certain changes happen on your Experian Credit Report, such as the addition of a new credit search.
- Access to Experian’s CreditLock feature so you can Lock your Experian Credit Report when you’re not applying for credit.
- Web monitoring – an alert by email or SMS which confirms that personal information has been found on the dark web.
- Access to Experian’s Victims of Fraud service, which will support you in resolving fraud that has occurred if you do become a victim of fraud.
- If you are at higher risk of fraud, Experian can add protective Cifas registration to your Credit Report which can help prevent credit being taken in your name.
If you have any questions regarding this service, please contact Experian’s Customer Support Centre on Tel. 03444 818182.
Do I need to change my bank account?
No; no personal bank details have been affected by this data breach. However, we would always advise you to remain vigilant and report any suspicious activity to your bank.
Can I continue to pay money to you as normal?
Yes, none of the bank accounts we operate have been affected. It is important to note that we will not change our bank details under any circumstances, so if you receive a request to pay money to us to an account you don’t recognise, we suggest you contact us using the details available on our website.
If you make a payment to us from a UK bank using internet banking you can verify our account details using ‘Confirmation of Payee’, which is available with most major banks. To achieve a payee match you should enter our Account Name as ‘KIN Capital Partners LLP’.
When will we know the full details of this breach?
We are currently working closely with IT professionals and the relevant governing bodies to investigate exactly what has happened so that we can understand the cause of the incident. We will be keeping investors up to date on any developments via our website. You can go to https://www.kinfundservices.com/databreach/ for more information. However, please keep in mind that forensic examination of systems and data can take a significant amount of time.
We will be in touch directly with anyone who needs to take any particular action once our investigation has concluded, and it is appropriate for us to do so. For now though, we wanted to let you know that it is possible that the personal information listed above might have been impacted. This is the priority aspect of our investigation, and we recommend you stay vigilant to unusual contact being made (by phone, email, etc.), and of course any suspicious banking activity.
Do I, as an investor, need to do anything?
No, you do not need to take any specific action.
Why haven’t you told investors sooner?
We have communicated with investors as soon as we had clear information to provide. In an effort not to misinform or misrepresent the situation we have worked as swiftly as possible to collate as much accurate information on the incident as possible before issuing communications. This process has taken some time given the complexity of modern data storage, the potential access routes and the volume of data involved.