We have been informed by Blackbaud, one of the world’s largest providers of customer relationship management systems, that they have been the victim of a cyberattack. You may have seen this in the news already. As they are a third-party service provider, this breach has unfortunately affected many organisations and charities worldwide, including CHAS.
Blackbaud tell us that the cybercriminal was able to remove a copy of a subset of data from a number of their clients, which included our database Raiser’s Edge where we record engagement with our supporters and volunteers. There is no impact whatsoever on our system for storing care information. This breach is deeply frustrating for CHAS, our supporters and volunteers.
While we have been assured that the risk to data subjects is low as Blackbaud paid the ransom and the cyber criminals destroyed the data, this can’t be verified so it’s important those directly affected are made aware.
What information was obtained?
The data contained personal information such as name, date of birth, and contact details. It may also have contained details regarding current and previous engagement with CHAS, such as volunteering activity, correspondence with you as a supporter, or records of your kind and generous donations or attendance at events. We are advised by Blackbaud that encrypted information, which includes most financial information, was not accessed, but are investigating this aspect further and in much more detail.
What CHAS is doing
What you can do
Unless you receive a direct communication from CHAS, there is no immediate need for you to take any action at this time. However, we encourage you to remain vigilant and report any suspicious activity or suspected identity theft promptly. There is further useful information on the Information Commissioner’s Office and Police Scotland’s websites:
What happens next?
We hope that the information provided above is both clear and helpful but please do get in touch via our dedicated inbox: BlackbaudResponse@chas.org.uk.