Blackbaud data breach

Blackbaud data breach

We’ve been told by the provider of our database (Blackbaud) that it has had a data breach. We do not think that there is a risk to anyone we have information on, but want to make sure that everyone has the information they need to decide if this is a problem.

What happened

Like a lot of charities, we use Blackbaud as a third-party service provider to manage our communication with our fundraisers and supporters. Blackbaud has recently let us know that it discovered and stopped a ransomware attack. After discovering the attack, it successfully stopped the cybercriminal, but before it did, the cybercriminal removed a copy of our backup file containing your personal information. This occurred at some point beginning on 7 February 2020 possibly until 20 May 2020.

There’s more information about this breach in this BBC article https://www.bbc.co.uk/news/technology-53567699

What information was involved

It’s important to note that the cybercriminal did not access any credit card information, bank account information or other financial data. However, they may have had access to other personal information of people we’ve talked to, for example: contact information (name, address, phone number), and a history of relationships with our organisation, like donation dates and amounts.

Please note, this hack did not affect any of our information from our direct services (the helpline and our web chat), or our On Track database of member information.

We have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be shared or otherwise made public.

What we are doing

We have reported this incident to the Information Commissioner’s Office (ICO) and we and the ICO believe that the risk to you is very low.

You should always be wary of people claiming to represent Women’s Aid telephoning, emailing or writing to you asking for information about you, or asking to confirm your payment details. You can always confirm that a contact is genuine by writing to us at [email protected], and the appropriate team can let you know if they have genuinely been in touch.

Blackbaud has made several changes that will protect your data from any future incidents. It has improved its systems and practices and tested them. Women’s Aid will look at these changes carefully and decide if this system is still safe to use for our contact data.

What you can do

You should always be cautious about anyone contacting you to ask for details. We will only contact you by post or email, and we never phone to ask you to increase your donation, or to confirm your bank details. If you’re worried, you can always email us at [email protected], or check our website for genuine direct email addresses. You can also report your concerns to:

CIFAS – The UK’s Fraud Prevention Service

6th Floor

Lynton House

7 – 12 Tavistock Square

London

WC1H 9LT

www.cifas.org.uk

You can also get more advice at Action Fraud (England, Wales and Northern Ireland) or Police Scotland (as Action Fraud do not deal with people who live in Scotland).

For more information

We are very sorry that our supporters’ data has been accessed. If you have any more questions, you can contact us at [email protected] and we will respond within two working days.

© 2020 Women's Aid Federation of England – Women’s Aid is a company limited by guarantee registered in England No: 3171880.

Women’s Aid is a registered charity in England No. 1054154

Terms & conditionsPrivacy & cookie policySite mapProtect yourself onlineMedia │ Jobs

Log in with your credentials

Forgot your details?