Along with many other charities and universities, we were notified late on Thursday 16th July about a criminal attack on Blackbaud’s servers in May. Blackbaud is the company that hosts our supporter database and the database of several other charities. This has therefore meant that some details of our supporters have been accessed, including some personal information like their names, addresses, phone numbers and email addresses as well as giving history. We do not store any credit card information.
We have reported this incident to both the UK Information Commissioner’s Office (ICO) and the Charity Commission at the earliest opportunity to ensure that they are fully aware.
We have been assured by Blackbaud that there is a low risk to International Animal Rescue’s supporters, but all the same we would urge all of our supporters to continue to be wary of unexpected communication and practise the usual caution around suspicious phone calls, emails and letters.
What steps can our supporters take to protect themselves?
As fraud and scams are commonplace, we urge you to always be vigilant.
International Animal Rescue will never telephone you soliciting donations, if you receive a call from anyone claiming to be from International Animal Rescue, please hang up and call us back on:
UK: 01825 767688
Always use our official postal address:
UK: Lime House, Regency Close, Uckfield, East Sussex, TN22 1DS
USA: PO Box 137, Shrewsbury, MA 01545
If you visit our website, make sure that it is the following URL:
More information about protecting against fraud can be found here.
What has Blackbaud done to rectify the situation?
As a matter of urgency we have sought confirmation about the steps Blackbaud has taken to manage the situation. They have informed us that, to the best of their knowledge, all of the details that were accessed have now been destroyed. We are aware that they have paid a ransom to the cybercriminals for assurances that the stolen information has been destroyed. They have worked with law enforcement and a third-party company and have found no evidence that any of the information taken has been used, and continue to monitor for this.
They have informed us that new safeguards have been put in place to prevent this happening again.
What information was accessed?
The database that was affected includes supporters’ contact details (which may include phone number, email address and/or postal address) and some details of the nature of their activity with us, including if they have donated money or purchased merchandise. We do not store any credit card information. Any usernames, passwords and bank details are encrypted and Blackbaud have assured us that these are not affected.
What has International Animal Rescue done since learning about the breach?
At the earliest opportunity, International Animal Rescue took action to report the breach to the Information Commissioner’s Office and we submitted a Serious Incident Report to the Charity Commission. We have also made a statement about the breach on our website. We continue to seek clarity from Blackbaud about how the breach occurred and confirmation of which data may have been accessed, and will notify individuals if it appears that sensitive data has been accessed. We will audit all systems to ensure that our supporter’s data is as safe as possible.
How confident are you that the private data has been destroyed?
Blackbaud have assured us that, to the best of their knowledge, the data has been destroyed, and their ongoing monitoring has shown no sign of any of the information being used fraudulently. We continue to monitor the situation.
We sincerely apologise for this incident and regret any inconvenience it may cause you. Should you have any further questions or concerns regarding this matter and/or the protections available to you, please do not hesitate to contact our data protection lead at: [email protected]
Blackbaud has set out further details about the incident here.