Message To Our Supporters – Information About Your Data
We have recently been informed about a cyber-attack that has affected one of our suppliers called Blackbaud, who host our supporter database as well as databases for many other organisations. While we have been informed the risk to individuals’ data is very low, we believe this incident may have unfortunately included some of your information.
The cyber-attack resulted in some details of our supporters being accessed. This included names, addresses, email addresses and telephone numbers. All financial information held by Blackbaud is encrypted and we are confident that this has not been breached.
Blackbaud have informed us that, to the best of their knowledge, all of the details that were accessed have now been destroyed and there is currently no evidence of the data being used. Blackbaud has set out further details about the incident on their website.
Following Blackbaud’s investigation into this incident, and the investigation of specialist law enforcement, they have assured us that the risk to our supporters is low. We are advising all of our affected supporters to be wary of any unexpected communications and continue to be cautious with any suspicious emails, letters or phone calls.
We are not the only charity that has been affected and even with the low risk we wanted to be honest with you and make sure you know everything that we know.
Who are Blackbaud?
Blackbaud provide data and technology services to many educational and charitable organisations and have done so for many years securely. Blackbaud have notified and apologised to any organisations affected by this situation.
What data has been accessed?
Some of our supporters details were accessed, including names, addresses, email addresses and telephone numbers.
Was any financial information accessed?
No. We are reassured that the data accessed did not include financial information, which was encrypted.
What risks are there as a result of my data being accessed?
We have been assured by Blackbaud that the risk to our supporters is very low, but we would urge all our affected supporters to be wary of any unexpected communications and continue to practise necessary caution when dealing with any suspicious emails, calls or letters. If you receive a communication from The Leprosy Mission Scotland that you are unsure about, or have any further questions about the issue, please contact our Supporters Services team.
What is The Leprosy Mission Scotland doing about the data breach?
We have formally notified the Information Commissioner’s Office (ICO) and are following their advice and guidance, and we have notified the Office of the Scottish Charity Regulator.
We are monitoring Blackbaud’s investigation into this event and will ensure we take any further actions that need to be taken for all of our security.
Like you, we are incredibly frustrated by this incident. Please rest assured that we take your data and privacy seriously. We are also immensely grateful for your contribution to The Leprosy Mission Scotland, which is helping to make leprosy a thing of the past.