Blackbaud security breach
We have been advised by Blackbaud, a leading supplier of fundraising software to charities and higher education organisations, that it has been the subject of a data security breach and that this has affected a number of their customers, including The Institute of Cancer Research (ICR).
Blackbaud informed us on 16 July 2020 that some ICR data was involved in a ransomware attack in which the cybercriminal removed a copy of a subset of customer data. Blackbaud informed us that they paid the cybercriminals demands in return for confirmation that the copied data they removed had been destroyed.
We understand that contact details, including email addresses, of some ICR supporters were included in the copied data, so we are asking our supporters to please remain extra vigilant and practice the usual caution to any unusual communication. If you receive any suspicious emails, which appear to be from the ICR, please do not click on any links or open attachments. Instead let the ICR know and we can confirm whether the correspondence is from us.
Please be assured that we take protection of your data very seriously. The ICR is undertaking a thorough investigation and has informed the Information Commissioner’s Office (ICO) about this incident. We are also seeking detailed assurances that Blackbaud is taking every necessary step to ensure that it will not be affected by similar incidents in future.