Charity update: Recent cybercrime incident
We want to make our community aware of a cybercrime incident relating to two of our recent online support groups.
This week, we learned that two of our private PANS PANDAS UK Online Support Group meetings had been unlawfully accessed and recorded without our knowledge or consent by an external third-party company based in the US known as ‘WebinarTV.us’. The recordings were subsequently made publicly available online by that organisation.
We are horrified that this vital private support space has been compromised in this way and that the community members present at the two meetings in question, along with our support staff, have been victims of this form of online ‘content scraping’ and exploitation.
How did this happen?
In spite of numerous measures to ensure these online meetings were private and secure, including a robust registration process, a waiting room and staff-moderated verification process, and tight security settings in our Zoom meetings, WebinarTV.us was able to illegally access Zoom and screen record two of our online support group sessions.
We understand that for this type of cyber-crime, access is typically gained through third-party browser extensions such as AI-powered transcription or auto-join tools. Users are often unaware that these extensions exist, nor that they have inadvertently given calendar permissions to the extensions. This can happen to anyone, and then when a user joins a Zoom meeting, this enables the extension to unlawfully screen record a meeting without consent and without any of the people in the meeting being aware this is happening.
There is no evidence of any technical breach of PANS PANDAS UK systems nor of any member accounts, passwords, payment information, or internal charity systems having been compromised.
How do I know if I have been affected?
Our main priorities upon learning of this cyber incident were to ensure that the recordings were immediately removed from the platform and that those community members directly affected were notified as swiftly as possible.
We can confirm that we have reached out to all individuals who were present at these two meetings. If you have not been contacted, this means that you were not present at either meeting.
The recordings have now been removed and are no longer publicly accessible.
What else have PANS PANDAS UK done to address the situation?
Alongside these actions, we:
- issued a formal demand to WebinarTV.us for the immediate removal and deletion of all recordings and associated content
- reported the incident to the Information Commissioners Office
- reported the matter to the Charities Commission for England and Wales. We were informed by the Office of the Scottish Charity Regulator that we did not need to report it to them
- informed the Police and Report Fraud, the Cyber Crime and Fraud UK Police Reporting System
- reviewed and further strengthened all of our online meeting and safeguarding procedures.
To further protect our community:
- we will no longer use Zoom for our support groups and sensitive meetings
- all future meetings will move to Microsoft Teams, where we can implement stronger security controls, including tighter attendee authentication, improved access management, more controlled permissions, and enhanced monitoring features
- we are introducing additional security safeguards to reduce the risk of this happening again, including even stricter registration and meeting access procedures
While no online platform can ever be completely risk-free, we believe these additional measures will further safeguard the security and privacy of our support spaces going forward.
Our message to the community
We are deeply shocked and saddened that the privacy of these community members has been compromised through this cybercrime. Please know that we are taking this matter extremely seriously and will continue to do everything possible to ensure that we can offer support to our community in a safe, private and secure way.
If you have any further questions about this incident, please get in touch at info@panspandasuk.org
More information:
What happened?
A third-party organisation called WebinarTV.us, illegally accessed and recorded two private PANS PANDAS UK online support group meetings without our knowledge, permission or consent.
Those recordings were then made publicly available on their online platform. As soon as PANS PANDAS UK became aware of the issue, we acted immediately to have the recordings removed and to report the matter to the relevant authorities.
Does this mean you record support group meetings?
No, PANS PANDAS UK do not, and would not, ever record or condone recording of our online support group meetings. This incident occurred due to a third party illegally accessing Zoom and screen recording two sessions.
Were PANS PANDAS UK systems hacked?
No. There is no evidence that PANS PANDAS UK’s internal systems, databases, passwords, payment systems, or member accounts were compromised. The incident relates specifically to the illegal and unauthorised recording of online meetings on the Zoom platform by an external third party.
Was personal or financial information exposed?
No. There is no evidence to suggest that financial information, passwords, or member account data were accessed or compromised. However, individuals who attended the affected meetings may have had elements of their participation visible within the recordings, such as names, voices, or video participation depending on individual meeting settings.
How did the third-party organisation gain access to the support groups?
We understand that for this type of cyber-crime, access is typically gained through third-party browser extensions such as AI-powered transcription or auto-join tools. Users are often unaware that these extensions exist, but they are inadvertently given calendar permissions by their users. This can happen to anyone, and then when a community member joins a Zoom meeting, this enables the extension to unlawfully screen record a meeting without consent. At this stage, there is no evidence of any technical breach of PANS PANDAS UK systems.
Why was Zoom being used
Zoom is a platform which is widely used by charities, healthcare organisations, and support groups worldwide because it provides accessible and practical online meeting facilities. However, following this incident, PANS PANDAS UK has reviewed the risks of staying with Zoom and decided to move future support groups to Microsoft Teams.
Why are you moving to Microsoft Teams?
Microsoft Teams provides additional functionality to create more enhanced security and administrative controls that we believe are better suited to the sensitive nature of our support meetings. These include stronger authentication requirements, tighter attendee management, improved access permissions, and enhanced monitoring capabilities.
Are the recordings still online?
No. We can confirm the recordings have now been removed and are no longer publicly accessible.
Have affected members been informed?
Yes. We have reached out to everyone who has been affected by this situation to ensure they are aware of the situation, the actions we have taken, the additional safeguards now being introduced and what action they can take if they wish to.
How do I know if I have been affected?
Everyone who attended the relevant meetings has been informed personally. If you have not heard from us directly, then you have not been affected.
Have any other PANS PANDAS UK online meetings or groups been recorded by WebinarTV.us?
To the best of our knowledge, it is only these two particular support group meetings which have been recorded and shared. We have manually searched the online platform for evidence of other PANS PANDAS UK meetings having been recorded and found none.
What action has PANS PANDAS UK taken?
PANS PANDAS UK has:
- issued a formal demand for the removal and deletion of all recordings
- informed the Information Commissioner’s Office (ICO)
- informed the Charity Commission for England and Wales and Office of the Scottish Charity Regulator
- informed Zoom of the incident
- informed the UK cyber-crime reporting system and the police
- further strengthened all safeguarding and meeting security procedures
What have WebinarTV.us had to say?
Following our formal demand to have the webinars removed, WebinarTV.us responded to confirm that the webinar listings have been removed from their system and will no longer be shared or promoted in any way. There was no apology or explanation as to how or why they accessed these sensitive and private meetings, or any mention about the illegal nature of this scraping activity. At this stage, our priority is to protect our community, ensuring all content is removed, and pursuing the matter through the appropriate regulatory channels
Could this happen again?
Unfortunately, no online platform can ever be entirely risk-free, especially as AI continues to evolve. However, we are implementing even stronger controls and procedures to substantially reduce the likelihood of a similar incident occurring again.
What additional controls are you implementing?
We are:
- moving all support meetings to Microsoft Teams
- implementing stricter registration processes
- collecting enhanced attendee information
- tightening up meeting permissions
- improving moderation and monitoring procedures
- revising safeguarding and access protocols
Should community members change their passwords?
There is currently no evidence that passwords or accounts were compromised. However, as good general cyber security practice, individuals may still wish to update passwords regularly and ensure they use strong, unique passwords and two-factor authentication where available.
What can community members do to help keep support meetings safe?
We all play an important role in helping keep our support spaces safe, private, and supportive. Community members can help by:
- not sharing meeting links, passwords, or joining information with others
- registering only through official charity communications and using their own name when attending meetings where possible
- joining meetings from a private and secure location to help protect confidentiality
- keeping their own devices updated and using secure passwords and two-factor authentication where available
While no online environment can ever be completely risk-free, these actions, alongside the additional safeguards being implemented by PANS PANDAS UK, will help make our support spaces significantly safer and more secure for everyone.
Did PANS PANDAS UK do anything wrong?
No. PANS PANDAS UK did not authorise, permit, or knowingly allow these recordings to take place. The organisation implements strong security processes and has itself been a victim of this illegal activity. PANS PANDAS UK acted promptly once aware of the incident.
Will support groups continue?
Yes. Supporting families and individuals remains central to our work. Online support groups will continue, with additional security and safeguarding measures introduced to better protect attendees.
Have you informed the police?
We have informed the police and the UK’s cybercrime and fraud reporting system. Both organisations confirmed that we could not report it as a crime, and that only the individuals affected could report it as a ‘stolen identity’ crime and they have been made aware of this. We have offered to support any community members to make a complaint, or report this as a crime.
What should I do if I am concerned?
Anyone with concerns is encouraged to contact PANS PANDAS UK directly via info@panspandasuk.org. We understand this incident may feel upsetting, and we are committed to supporting our community and answering questions openly and transparently.
