On Thursday 16 July we were made aware of a data breach involving one of our third-party service providers, Blackbaud, which involved some of the data we hold on our contacts database. Blackbaud provides us with our customer relationship management system and is one of the world’s largest providers of such systems for charities and non-profits.
In Blackbaud’s official communication to customers they stated that this was a malicious, criminal act (“Ransomware attack”). Blackbaud paid the cybercriminal’s demand with confirmation that the copy of data they removed had been destroyed. Based on the nature of the incident, their research, and law enforcement investigation, they have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.
The information we keep on our database is very limited and included names, addresses, email addresses, donation/ membership amounts and dates of payment. No financial information or bank details were involved.
Considering all aspects of our constituents personal exposure to this data breach, the ICO (Information Commissioner’s Office) considers it a very low-risk incident. We have reported the breach to the ICO and Charity Commission and have informed everyone affected.
Data theft is unfortunately on the increase worldwide – if you experience any suspicious activity or suspected identity theft, you should report promptly to the appropriate law enforcement authorities.
If you would like to find out more about how to be safe online, we recommend reading the information on the following websites:
www.ncsc.gov.uk/guidance/suspicious-email-actions
www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online
www.equifax.co.uk/resources/identity_protection/how-to-spot-a-phishing-email.html
As part of ongoing efforts to help prevent something like this from happening again, Blackbaud has already implemented several changes that will protect your data from any subsequent incidents.
We sincerely apologise for any concern this unfortunate incident may cause you and please get in touch if you have any further questions at hello@leedspiano.com – we’re here to help.
With all good wishes,
The Leeds Team