'Be prepared:' What one NGO learned from a data security breach

A user logs on a computer with a two-factor authentication system. Photo by: Sarah Pflug / CC0

LONDON — It was just before Thanksgiving when Karl Lowe, chief information officer at Catholic Relief Services, got word of bad news. The RedRose system it uses for digital payments in West Africa had been hacked, exposing personal, geographic, and photographic data about its beneficiaries.

The vulnerability began with a password. “If you look at any breach, that is the easiest way to get into someone’s system,” said Lowe. Mautinoa Technologies, a company working on similar projects to RedRose, had been investigating its competition when a staff member stumbled across an old password and user ID for one of the CRS systems, enabling them to gain access. The fault “was squarely on our shoulders,” Lowe acknowledged. Mautinoa said it also revealed systematic weaknesses in RedRose’s security, which both RedRose and CRS deny.

This article is for Devex Members

For full access to the content of the article sign in or join Devex.

About the author

  • Jessica abrahams

    Jessica Abrahams

    Jessica Abrahams is Devex's Associate Editor for Europe. Based in London, she was previously an editor at Prospect magazine and has written for publications including the Guardian, the Telegraph, Bloomberg News, and Germany's taz.die tageszeitung with a focus on global women's rights and social affairs. She holds graduate degrees in journalism from City University London and in international relations from Institut Barcelona d'Estudis Internacionals.