The National Trust has issued a data breach alert after a cyberattack on cloud computing company Blackbaud. Blackbaud provides software to the National Trust. Dozens of universities, museums, schools, churches and food banks have also been affected. The National Trust confirmed that data about its volunteering and fundraising communities has been compromised. Its 5.6 million members are not thought to be at risk.
What happened in the National Trust data breach?
In May, Blackbaud fell victim to a cyber-attack. And, after being held to ransom, the firm paid an undisclosed amount to the cybercriminals.
Despite initially claiming that financial data had not been stolen, Blackbaud has now admitted that bank account information and users’ passwords are among details feared stolen by hackers. Although not everyone will have had their financial details compromised.
The breached information also includes name, date of birth, gender, address, and contact details.
Present volunteers and applicants for the National Trust’s volunteer program could now be compromised.
Has your data been compromised in the National Trust data breach?
The National Trust is currently in the process of identifying and informing those affected. It’s unclear how many people have been put at risk.
In an earlier statement, Jon Townsend, chief information officer at The National Trust said:
We take our data protection obligations extremely seriously. As soon as we became aware of this incident, we launched an internal investigation and are working with the third-party supplier, Blackbaud, to assess whether any further action is needed.
This affected our volunteering and fundraising community and did not involve any data from our membership database. We are currently in the process of identifying and informing those affected.
We have been told that no financial data, credit card, account details or passwords were accessed as a result of the Blackbaud breach and understand that any data that was accessed has since been destroyed.
We have reported the incident to the UK’s regulator for data protection, the Information Commissioner’s Office and the Charity Commission.”
However, it now appears that bank details could be at risk. And, as a result, National Trust volunteers are understandably concerned. The damage that can be caused if cybercriminals use financial and personal information fraudulently could be significant. Questions are also being asked about why Blackbaud took weeks to inform people about the hack – especially as this period could have been used to put robust security measures in place.
Get justice for a data breach violation
At Keller Lenkner UK, our expert data breach lawyers help people to make successful cybercrime claims against companies that have failed to protect their data from fraudsters and hackers.
Specialists in data breach law, we understand what it takes to make a successful data breach claim, regardless of the type of organisation involved.