Notice of security incident
We have recently been informed about a cyber attack that has affected one of our software providers called Blackbaud. While we have been informed the risk to individuals’ data is very low, we do not take this lightly, which is why I am getting in touch as a precautionary measure.
Who are Blackbaud?
Blackbaud is a US-based company which has been providing software tools for charities across the world for more than two decades. It has hosted Porchlight’s supporter database for the past five years.
Blackbaud informed us that it discovered a cyber attack and that immediate steps were then taken to deal with it. Porchlight was one of over 50 charities and universities in the UK recently notified that their database had been impacted by this incident.
Who was affected?
We have been told that some of our supporters’ data was affected including name, contact details, gift history and communication details. Blackbaud has confirmed to Porchlight that no credit card information or bank account details were accessed - we do not ever store these on Porchlight’s database.
What was done to resolve this?
Blackbaud worked with its own security teams, fraud investigators and the police to expel the attacker from its system and ensure affected data was made secure. Blackbaud has set out further details about the incident on its website.
We are very sorry for the concern this may cause. As soon as we were notified, Porchlight reported the incident to the ICO (Information Commissioner's Office) and the Charity Commission and cooperated fully with their guidance. Based on current information from Blackbaud, we believe the risk to your data to be low.
We are now exploring all options with Blackbaud to ensure this does not happen again. Blackbaud has confirmed it now has new measures in place to continue to scan for any suspicious activity and strengthened security systems to prevent future attacks.
What should I do if I am concerned?
We have been advised by Blackbaud that the risk for individual supporters is very low. However, we would urge all our supporters to continue to be wary of any unexpected communications and continue to practice necessary caution when dealing with any suspicious emails, calls or letters. General guidance about this is available on the government’s website.
We understand that it is natural to feel concerned after reading this. If you have any questions please do not hesitate to contact us at firstname.lastname@example.org.
One of our core values is ensuring the privacy rights of all our supporters. As always, we promise to continue to do everything in our power to live up to the trust you have placed in us, and we thank you for your support.