Forum Security Alert

[Ash]

To all our forum members,

Unfortunately we have become aware that personal data relating to users of these forums may have been accessed from outside the company following a cyber attack on 6 April 2023. It appears that an administrator’s account was compromised, allowing access to our forum members list.

What data was accessed?

The data which may have been accessed is what is on your public forum profile (e.g. username, post count, reputation, joining date, etc.), but additionally includes your Email Address and Last Used IP Address which would ordinarily be private. Thankfully we can be sure it would not have been possible to access your forum account password so that has definitely not been compromised in this breach.

What information is available on your public profile depends on what you have previously given. You can view your profile by logging in to your account and clicking on your avatar in the top right-hand side.

Please be reassured that any information accessed does not include any financial data, purchase history, physical addresses, phone numbers or anything else held within your main Affinity account / AffinityID. The forum is a standalone system which is completely separate from your Affinity account.

We cannot tell what proportion of our forum members’ email addresses were accessed so we are making all members aware as a precaution.

We have reported this incident to the UK Information Commissioner’s Office (ICO) as well as taken immediate steps to make the forum system more secure to avoid this type of attack in future. 

What should you do?

We do not think you need to do anything, other than be mindful that this happened and to follow general advice around email and online account security.

One thing to be particularly diligent with is possible email “phishing” attempts. This will be when someone contacts you pretending to be us, requesting you change your password or give other account information to them. If you are concerned about any email being legitimate, don’t click any links in the email. If you wish to update any of your forum account details type forum.affinity.serif.com into your browser and log into your account from there to be sure.

Generally, if you do receive any suspicious email which you think could have originated via this breach (for example if an email you receive addresses you by your forum username) please let us know.

If you wish to make any such reports or have any further questions, then please contact us at dataprotection@serif.com. Full details of Serif’s Privacy Policy are available on our website https://affinity.serif.com/privacy/.

As well as this forum announcement we are notifying all forum members about this via email.

Customer data security is something we take extremely seriously and, while cyber attacks are an unfortunate reality of doing business today, we are incredibly sorry that your data may have been accessed in this way.

Sincerely,

Ashley Hewson (Managing Director) & Patrick Connor (Data Protection Officer)

[Patrick Connor]

This thread is locked, but a copy of this forum post can be found here where you can ask questions about this incident