Statement regarding ransomware attack on Kin Fund Services

Last reviewed 17/11/2023

For Frequently Asked Questions regarding the breach, please click here.


Cyber Incident Conclusion – 17/11/2023

The investigation of the cyber incident by the specialist cyber security firm is now complete.  They have analysed the available log data and undertaken a broad and comprehensive investigation.  This has enabled them to confirm, with high confidence, our assumptions about the specific storage facilities that were impacted and the files that were compromised.  They have not identified any evidence of references to the attack on the dark web or any traces of our data having been published.  Based on the available evidence, we do not consider that this incident poses any ongoing material risk to investors, our clients or our business. 

We have already implemented changes to the security of the digital storage facility that was impacted, and we will continue to review and update security measures across our systems.  Following the attack, we immediately replaced passwords and other system credentials and have restricted access to the storage facility to specific internal channels within our system architecture. 

We would like to apologise again for any concern or inconvenience this incident may have caused.  Please be assured that the protection of personal data is of the utmost importance to us and that we strive for the highest standards of data security throughout our business.  In addition to regular technical reviews and improvements, we regularly train and update all our staff on data protection and cyber security.  We have learned lessons from this incident and are confident that our systems are protected against a similar incident in the future. 


Cyber Incident Update – 07/11/2023

The investigation by the specialist third-party cyber security firm is ongoing.  The findings from their investigation to date indicate that the party responsible for the attack had limited access to a specific part of our system environment.  The chain associated with the ransomware attack suggests that the motive of the threat actor was to download and delete the data for the purpose of soliciting a ransom.  Our current working assumption is that this was a non-targeted attack that sought to identify and exploit vulnerabilities in the configuration of the specific type of storage facility that was attacked.

It is important to note we do not operate a network, on our premises or in the cloud, which means that the software and digital services we use are not interconnected through servers.  Therefore, a cyber-criminal is not able to enter one system and gain access to others.  Our main IT operations are separate and unaffected, and they have independent security.  We are confident that the attack has been contained and there is no impact to our wider business operations.

Whilst it is hard to give an accurate timescale due to the detailed nature of the investigation, we currently estimate that the forensic investigation will conclude by the end of this week (10th Nov).  We are expecting a report of the investigation next week and will share any material findings at an appropriate time.


Cyber Incident Notification – 03/11/2023

On 19th October the firm’s technical team discovered that files had been deleted from one of our external cloud-based storage systems. A text file containing a ransom note was left in their place. We also identified evidence that some files may have been exfiltrated from our systems.  The data in the impacted files contained personal contact details and investment details for investors. No bank account details were compromised.

The data that was deleted was swiftly restored from back-ups and remedial measures were put in place.

The servers that host our main database and internal IT systems are separate to the storage system that was compromised. A full sweep of our other systems has confirmed that no other systems have been compromised. We are currently working closely with a specialist third party cyber security firm which specialises in incident response to understand precisely how intruders gained access. A full investigation is currently being carried out. The Police, Information Commissioner’s Office and the FCA have been informed.

The firm’s ability to service clients has not been impacted and we continue to operate normally.

“We have always considered the threat from cyber criminals to be very real; hacking and cyber-crime is a recognised and increasing global issue with both attacks and defenses under constant development. Having witnessed another firm in our industry suffer a similar incident last year, we conducted a thorough review of our own cyber security. We subsequently implemented a number of upgrades to our already significant security measures. At the time of the attack, a test of our security systems was already underway, by a 3rd party penetration testing company we had engaged. Unfortunately, no security measures can protect a firm 100% and, in this instance, it appears a vulnerability we were unaware of was exploited. Clearly there is more work for us to do here.  I am deeply sorry for any distress this has caused our clients and their investors.”  Richard Hoskins, Co-Principal – Kin Fund Services.

Investors whose data has potentially been compromised will shortly be receiving an email from us and we will inform their financial advisers. We have also informed our corporate fund manager clients.

Investors that have questions are advised to email info@kinfundservices.com, call 0203 743 3100 or contact their independent financial adviser.
