July 2020: Important information about a recent database security incident

We were recently notified of a security incident involving our supporter database, which is hosted by a third-party service provider called Blackbaud.  We understand they discovered and stopped a ransomware attack on our data. This is when cybercriminals attempt to disrupt the business by locking companies out of their own data and servers.

Blackbaud have notified any organisations affected by this data breach and we have been reliably informed that the risk of your data being used by the cybercriminal is very low.  

However, the safety of your data is of the utmost importance to us. We wanted to explain in more detail what happened and what we are doing to protect your data.

What happened?

After discovering the attack, Blackbaud’s Cyber Security team, together with independent forensics experts and law enforcement, successfully prevented the cybercriminal from blocking their system access and fully encrypting files, and ultimately expelled them from their system. Because protecting customers’ data is their top priority, Blackbaud paid the cybercriminal’s demand with confirmation that the copy of the file they removed had been destroyed.

Based on the nature of the incident, their research, and third-party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.

As a number of organisations have been affected by this incident, Blackbaud have provided further details about the attack here.

What information was involved

Before being locked out, the cybercriminal removed a copy of our backup supporter database, which is hosted by Blackbaud. This may have contained your contact details, including your name, address, email and phone number.

It’s important to note that the cybercriminal did not access your credit card information or bank account information. 

How are Blackbaud and Neuroblastoma UK protecting my information?

As part of their ongoing efforts to help prevent something like this from happening in the future, Blackbaud have already implemented several changes that will protect your data.

First, the provider’s teams were able to quickly identify the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it. They have confirmed through testing by multiple third parties, including the appropriate platform vendors, that the fix withstands all known attack tactics. Additionally, they are accelerating efforts to further harden their environment through enhancements to access management, network segmentation, and deployment of additional endpoint and network-based platforms.

What we are doing

Ensuring the safety of our supporters’ data is of the utmost importance to us. 

We are following guidance from the Information Commissioner’s Office (ICO) and seeking advice on any further actions that need to be taken. We are also looking at ways to ensure that our current and any future database systems remain robust and that your information is secure.

We recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft by emailing us at hello@neuroblastoma.org.uk. You should also report any incidents to the proper law enforcement authorities.

Please do contact us if you have any questions about this incident. Like you, we are disappointed that this has happened, but please know that we are doing all that we can to ensure this does not happen again.

Thank you for your understanding and continued support in the fight against childhood cancer.