On 16 July, we were made aware that the technology provider Blackbaud had been the victim of a ransomware attack on its systems. Blackbaud is one of the largest suppliers of software tools to the not-for-profit sector, and so this attack affects a very large proportion of charities, schools and universities. Blackbaud currently provides the Customer Relationship Management software Raiser’s Edge to Chance to Shine.

Blackbaud reported to us that they discovered and stopped the attack but that attackers did obtain a copy of a back-up data file containing some basic personal data. This basic personal data includes name, contact details and a record of any engagement with supporters, however the attackers did not gain access to any credit card or banking information. Furthermore, Chance to Shine do not use the software to process or store any credit card or banking details. It is primarily used to track interactions with our supporters including, but not limited to, event invitations/attendance, contact details and records of donations. 

We take our data protection responsibilities exceptionally seriously and, as well as reporting the breach to the Information Commissioner’s Office (ICO), we have launched our own investigation into the incident. We will continue to follow the legal guidelines and act accordingly with any recommendation we receive from the ICO or other regulatory body.

Whilst we believe there is no need for any of our supporters to be alarmed or to take action at this time, we understand that this could be a source of concern for our supporters. We would urge anyone who is concerned to contact our Data Protection Officer by emailing [email protected].