BAFTA user data potentially stolen after website "compromised"

BAFTA Guru website victim of a security breach and users warned they may want to change passwords

The British Academy of Film and Television Arts - BAFTA - has revealed that part of its website has been "compromised by illegal means" and it's not currently guaranteed that hackers haven't made off with details of individuals on the BAFTA Guru mailing list.

The BAFTA Guru website offers advice from well-known individuals in film, television and games and members regularly receive emails about special events at BAFTA. While BAFTA says there's currently no evidence that hackers made off with details about those on the mailing list, it has warned users to be vigilant.

Data stored on BAFTA Guru included first and last names, email addresses, age and encryption-protected passwords.

The breach was first discovered on 23 January, with BAFTA informing users that the Guru website was compromised almost a week later. A statement by BAFTA Guru says the website has been moved to a different server with "upgraded security measures in place."

A statement from BAFTA suggests that even though there's no evidence data was stolen, users might want to change passwords on other websites if their user details are the same.

"Although there is no evidence at this time to indicate that any data was taken, in the spirit of openness and transparency we have made users of the site aware of this situation so that they can take precautionary measures they feel appropriate, such as changing their passwords on any website where they may have used the same user ID and password," said BAFTA.

The organisation said it launched an immediate investigation once made aware BAFTA Guru had been compromised in addition to moving the site to a new server and "securely deleting" all email addresses and passwords from the database. BAFTA has also advised users to be mindful of any other contact regarding the hack.

"We will not be sending you any further emails relating to this and we will never use email to prompt you to disclose personal information. Please be wary of any suspicious emails purporting to be from BAFTA," read an email from BAFTA COO Kevin Price.

An investigation as to how the breach occurred is still ongoing and BAFTA is working with relevant authorities, including the Information Commissioner's Office (ICO), while it occurs.

"We take the matter extremely seriously and feel that the security of our users is paramount, therefore we have contacted the (ICO) with details of the breach.

According to BAFTA, nobody has claimed responsibility for the attack. The main BAFTA website wasn't targeted or affected by the breach.