14 DAY TRIAL // The eggheads at High IQ Society Mensa have denied reports that their website was hacked earlier this year, says The Register.
Instead, the society speculated that the leak of personal information, currently under investigation by authorities, could be an inside job.
A series of cyberattacks in January and February left security staff shaking their heads as they tried to resolve the issue. Following the attacks, some members' personal information was exposed.
Mensa responded with a series of investigations by its IT contractors that found there was no external breach. A thorough investigation into system security and processes followed.
Chris Leek, Chairman of British Mensa, stated in an email viewed by The Register last Friday:
"Reports at the time appeared to be designed to discredit Mensa by suggesting that we had been ‘hacked’ i.e. there had been a breach of data through our website. [I] am pleased to report that our systems were found to be robust and at no immediate risk of a breach from external sources".
The unauthorized Internal Download is being investigated by the police
"However, I can now also confirm that during initial investigations by our IT contractors, it was discovered that an unauthorised internal download of the database had taken place. The police are continuing to investigate that incident".
The Mensa spokesperson declined to elaborate or comment on the incident while the case is still under police investigation. After the incident, she alerted the Information Commissioner's Office, Action Fraud, and West Midlands Police.
Although Mensa has been given a clean bill of health for its networks, it says it has made a number of adjustments to improve security, including asking all users to reset passwords and make them harder to crack.
Eugene Hopkinson and Emily Shovlar, two board members at British Mensa, told Financial Times late in January that they had resigned owing to concerns about the organization's cybersecurity measures.
Hopkinson, the UK arm's technology chief until his resignation, claimed at the time that member passwords were not hashed. According to another individual, the password was emailed to him in plain text.