Blackbaud data breach
We’ve been told by the provider of our database (Blackbaud) that it has had a data breach. We do not think that there is a risk to anyone we have information on, but want to make sure that everyone has the information they need to decide if this is a problem.
Like a lot of charities, we use Blackbaud as a third-party service provider to manage our communication with our fundraisers and supporters. Blackbaud has recently let us know that it discovered and stopped a ransomware attack. After discovering the attack, it successfully stopped the cybercriminal, but before it did, the cybercriminal removed a copy of our backup file containing your personal information. This occurred at some point beginning on 7 February 2020 possibly until 20 May 2020.
There’s more information about this breach in this BBC article https://www.bbc.co.uk/news/technology-53567699
What information was involved
It’s important to note that the cybercriminal did not access any credit card information, bank account information or other financial data. However, they may have had access to other personal information of people we’ve talked to, for example: contact information (name, address, phone number), and a history of relationships with our organisation, like donation dates and amounts.
Please note, this hack did not affect any of our information from our direct services (the helpline and our web chat), or our On Track database of member information.
We have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be shared or otherwise made public.
What we are doing
We have reported this incident to the Information Commissioner’s Office (ICO) and we and the ICO believe that the risk to you is very low.
You should always be wary of people claiming to represent Women’s Aid telephoning, emailing or writing to you asking for information about you, or asking to confirm your payment details. You can always confirm that a contact is genuine by writing to us at [email protected], and the appropriate team can let you know if they have genuinely been in touch.
Blackbaud has made several changes that will protect your data from any future incidents. It has improved its systems and practices and tested them. Women’s Aid will look at these changes carefully and decide if this system is still safe to use for our contact data.
What you can do
You should always be cautious about anyone contacting you to ask for details. We will only contact you by post or email, and we never phone to ask you to increase your donation, or to confirm your bank details. If you’re worried, you can always email us at [email protected], or check our website for genuine direct email addresses. You can also report your concerns to:
CIFAS – The UK’s Fraud Prevention Service
7 – 12 Tavistock Square
You can also get more advice at Action Fraud (England, Wales and Northern Ireland) or Police Scotland (as Action Fraud do not deal with people who live in Scotland).
For more information
We are very sorry that our supporters’ data has been accessed. If you have any more questions, you can contact us at [email protected] and we will respond within two working days.