Heart play download Twitter Facebook Facebook Twitter tick linkedin linkedin-circle upload refresh cross-2 menu search youtube cross-3 rounded-right-pointer rounded-down-pointer quotes-opening quotes-closing snowflake pause file-pdf instagram

Blackbaud cyberattack

We have been informed by Blackbaud, one of the world’s largest providers of customer relationship management systems, that they have been the victim of a cyberattack. You may have seen this in the news already. As they are a third-party service provider, this breach has unfortunately affected many organisations and charities worldwide, including CHAS.

Blackbaud tell us that the cybercriminal was able to remove a copy of a subset of data from a number of their clients, which included our database Raiser’s Edge where we record engagement with our supporters and volunteers. There is no impact whatsoever on our system for storing care information. This breach is deeply frustrating for CHAS, our supporters and volunteers.

While we have been assured that the risk to data subjects is low as Blackbaud paid the ransom and the cyber criminals destroyed the data, this can’t be verified so it’s important those directly affected are made aware.

What information was obtained?

The data contained personal information such as name, date of birth, and contact details. It may also have contained details regarding current and previous engagement with CHAS, such as volunteering activity, correspondence with you as a supporter, or records of your kind and generous donations or attendance at events. We are advised by Blackbaud that encrypted information, which includes most financial information, was not accessed, but are investigating this aspect further and in much more detail.

What CHAS is doing

  • We are letting you know through this statement on our website, so that people in the CHAS community can be vigilant;
  • We are continuing to investigate this breach and if there is any suggestion that anyone’s sensitive personal information has been accessed, we will contact them directly with detailed information;
  • We have notified the Information Commissioner’s Office;
  • We are also continuing to investigate this matter with Blackbaud to ensure all data remains secure;
  • We are reviewing our arrangements with Blackbaud, with a particular emphasis on current and new security arrangements, and why there was a delay in notifying us of the breach.

What you can do

Unless you receive a direct communication from CHAS, there is no immediate need for you to take any action at this time. However, we encourage you to remain vigilant and report any suspicious activity or suspected identity theft promptly. There is further useful information on the Information Commissioner’s Office and Police Scotland’s websites:

What happens next?

We thank you as ever for your support of CHAS and the difference you make to children and families across Scotland. This incident falls way short of the experience we want our supporters and volunteers to have and we assure you that we take our responsibility to protect you and your data very seriously. Our privacy notice details how we use your data, how we keep it safe and how to opt out of data processing activities. View our privacy policy here.

We hope that the information provided above is both clear and helpful but please do get in touch via our dedicated inbox: BlackbaudResponse@chas.org.uk.

If you want to talk to someone about your own situation or find out more about our services, please get in touch: