Scottish Huntington’s Association uses a company called Blackbaud to store contact information about our supporters. Blackbaud is a world leading provider of this type of service, and is widely used by charities and a range of high profile organisations throughout the country.
We have been made aware of a data security incident experienced by Blackbaud. This incident involves a significant number of UK and US healthcare, educational and not-for-profit organisations, including Scottish Huntington’s Association.
As Scottish Huntington’s Association takes its data protection responsibilities extremely seriously we are hugely disappointed about the Blackbaud breach and immediately launched our own investigation. Further details are provided below.
Blackbaud’s system was compromised in May 2020. This was discovered and blocked, but not before some of the databases held by Blackbaud had been accessed. SHA’s database was one of these.
Blackbaud believes that the accessed data has been destroyed. Blackbaud has now increased the security of its system to prevent a similar attack from happening again.
What information was involved?
Names, addresses, telephone numbers, emails and the nature of your relationship with us could have been accessed. No private health information was ever stored on the accessed database. No financial information was accessed.
Further to the incident Blackbaud commissioned a detailed forensic investigation by law enforcement and third-party cyber security experts. The investigation found that no encrypted information (such as credit card information, bank account details or passwords) was accessed.
What is the risk of my information being misused?
We understand the risk to be extremely low. Nevertheless we wanted to alert contacts to ensure they are aware and able to take additional care in responding to phone calls, emails or letters from organisations they are not familiar with, or which gives cause for suspicion.
What actions has Scottish Huntington’s Association taken?
Whilst we do not believe there is any specific risk to SHA contacts as a result of this breach, we are alerting supporters to ensure they are aware and able to take additional care.
We have informed the Information Commissioner’s Office (ICO) and the Office of the Scottish Charity Regulator (OSCR), and will follow guidance received.
We will continue to communicate with Blackbaud about how it is improving its data security to ensure we can continue to use its services.
What should Scottish Huntington’s Association supporters do?
There is no specific action supporters can or should take. However you may wish to take additional care about post, email or telephone contact you receive and how you respond – and report any suspicious activity to the proper authorities.
SHA is extremely disappointed about Blackbaud’s data breach, as the security of our contacts’ data is hugely important to us. We apologise for any concern caused as a result of this incident.
If anyone would like to contact a member of the SHA management team, they can contact 0141 848 0308 or email email@example.com.