EACH charity victim of international data breach
The East Anglian Children's Hospices charity has confirmed it was a victim of an international data breach, but is stressing no bank information or credit card details were accessed.
The security firm Blackbaud, which stored supporter and volunteer information for EACH from three years ago was targeted.
Thousands of other organisations also had their data accessed.
Each says current data had already been moved to an alternative site with greater security controls and they have written to all of those affected. Here's the full statement from EACH On 16th July 2020, EACH was notified by a third-party service provider, Blackbaud, of a data security incident. Blackbaud told us they were subject to a cyber-attack in which data was removed from one of their data storage centres. This has affected many organisations in the country and across the world. After discovering the attack, Blackbaud’s Cyber Security team successfully prevented the cyber attacker from blocking their system access and fully encrypting files, and ultimately expelled them from their system. Prior to locking the cyber-attacker out, the attacker removed a copy of an historical EACH backup file containing supporter and volunteer information inputted before January 2017. It is important to note that credit and debit card details, and bank account information, were not accessed, and that the attack was aimed at Blackbaud, not EACH, with the purpose of making financial demands on their organisation. The backup file was created at the point EACH moved data to an alternative hosting centre, with greater security controls, and our current database and information recorded since January 2017 has remained unaffected. Since we were notified in July, we have worked closely with Blackbaud to determine the extent of the breach for the organisation. We reported this incident to the Information Commissioner’s Office and, although believe the risk of misuse of the data is extremely low, we have written to those who may have been affected. This letter also includes an EACH Q&A document and details of a dedicated EACH telephone number and email address for further questions or concerns. We continue to work with Blackbaud and the Information Commissioner’s Office to investigate this incident further. There is no need for our supporters to take any immediate action, but the security of personal data is of the utmost importance to us and we would like to apologise for any concern or distress this may have caused.