LONDON — It was just before Thanksgiving when Karl Lowe, chief information officer at Catholic Relief Services, got word of bad news. The RedRose system it uses for digital payments in West Africa had been hacked, exposing personal, geographic, and photographic data about its beneficiaries.
The vulnerability began with a password. “If you look at any breach, that is the easiest way to get into someone’s system,” said Lowe. Mautinoa Technologies, a company working on similar projects to RedRose, had been investigating its competition when a staff member stumbled across an old password and user ID for one of the CRS systems, enabling them to gain access. The fault “was squarely on our shoulders,” Lowe acknowledged. Mautinoa said it also revealed systematic weaknesses in RedRose’s security, which both RedRose and CRS deny.
About the author
Jessica Abrahams
Jessica Abrahams is Devex's Associate Editor for Europe. Based in London, she was previously an editor at Prospect magazine and has written for publications including the Guardian, the Telegraph, Bloomberg News, and Germany's taz.die tageszeitung with a focus on global women's rights and social affairs. She holds graduate degrees in journalism from City University London and in international relations from Institut Barcelona d'Estudis Internacionals.
