30 JULY 2020
We have recently been notified by Blackbaud, a third-party service provider, of a major data security incident impacting its customers. We, and a number of other organisations, have been affected. This page provides information on what Blackbaud has told us about the incident, and what we are doing to protect our data.
Blackbaud is a global supplier of software and they host our database of supporters and donors. In May, Blackbaud had been subjected to a ransomware attack. During the attack the cybercriminal was able to remove a sub-set of data belonging to a number of organisations, including our organisation.
We understand that this data relates to names and contact details for our supporters and donors. No bank details, credit card, financial details or sensitive data were taken. Upon confirmation that the stolen data had been destroyed, Blackbaud paid a ransom to the cybercriminal. Blackbaud has reassured us that it has no reason to believe any data went beyond the cybercriminal, and has reported the incident to the authorities and the Information Commissioner’s Office.
We have taken this matter very seriously, and will be working with Blackbaud to understand more about this incident, how it happened, and how they intend to keep our data safe. We have also notified the Information Commissioners Office.
In the meantime, the data stolen is not sensitive or financial, so at this stage you do not need to do anything except remain vigilant and report any suspicious activity to police. Further information is available about staying safe online via this link.
We sincerely apologise for the inconvenience of this data security breach by Blackbaud. We take data protection very seriously and we are grateful for your continued support and understanding. If you have any questions about this matter please contact us.