Statement issued Tuesday 11 August 2020.
We were recently notified by Blackbaud, one of our software suppliers, that they have suffered a data breach due to a ransomware attack on their own system. Blackbaud is one of the world’s largest providers of customer relationship management services. Unfortunately, a significant number of universities and charities have been affected by this issue and this list includes Bletchley Park Trust.
This breach involved records containing personal information which may include one or more data fields, such as names, titles, dates of birth, email addresses, donation history, mailing or enewsletter list preference, event attendance or membership, depending on data subjects’ engagement with the Bletchley Park Trust. However, we would like to stress that Blackbaud has reassured us that the issue has been resolved and that the data is secure.
On 16 July 2020 we were contacted by Blackbaud to inform us that they had discovered and stopped a ransomware attack on their systems in May.
The Blackbaud Cyber Security team, along with independent forensics experts and law enforcement agencies, successfully stopped the attack and secured the destruction of any data held by the cybercriminal. Blackbaud has informed us that it has no reason to believe that any data went beyond the cybercriminal and that the data was deleted after they paid a ransom. Accordingly, they advise that they do not believe that it will be misused or will be disseminated or otherwise made available publicly.
We have taken the following actions in response to this incident:
- We commenced a thorough investigation, working with Blackbaud.
- Blackbaud have reported this breach to the Information Commissioner’s Office (ICO), and we also submitted our own report to the ICO and are working with them to ascertain any follow-up actions required.
- As part of our investigation, we have taken the decision to inform those registered on this database with the information available to us.
- We have provided reassurance that those affected do not need to take any action at this time. No credit, debit card or bank account details were compromised as these are not stored on this Blackbaud platform. We are making all those affected aware so they can remain vigilant, only open and respond to emails from a legitimate contact or source, and not disclose financial information or passwords to anyone over email.
- We have reviewed Blackbaud’s assurances around their security and privacy measures, to ensure our data remains secure and protected.
- We have initiated a review of how and where we store our data and our future relationship with Blackbaud.
Bletchley Park Trust continues to work closely with Blackbaud and the ICO to ensure any risks resulting from this breach are mitigated.
We take data protection extremely seriously, and we are very disappointed that this has happened. We are very sorry for any inconvenience caused to those affected.
If you would like to speak to a member of the team about this incident, please email [email protected] to request a callback.
For any media enquiries, please contact our Communications team either via email [email protected] or call +44(0)7487 730193.