Cyber hackers steal donations data from charity after hack

PUBLISHED: 11:33 15 August 2020 | UPDATED: 11:33 15 August 2020

East Anglias Childrens Hospice had data stolen by cyber attackers. Picture: EACH

East Anglias Childrens Hospice had data stolen by cyber attackers. Picture: EACH


Personal data about donations made to East Anglia’s Children’s Hospice has been stolen by hackers who targeted its security provider.

The charity was notified on July 16 by Blackbaud they had been the subject of a cyber attack, where hackers removed a copy of an historical EACH backup file containing around 65,000 records of supporter and volunteer information up to January 2017.

Blackbaud is one of the world’s largest providers of administration software for higher education and not-for-profit organisations and provides EACH with its Raiser’s Edge software to store details of supporters and their donations.

Information such as name, address, telephone number email address and a person’s donation history up to January 2017.

More: UEA data stolen in ransom attack by cyberhackers

No credit, debit or bank account information was accessed and the charity has written to donors to inform them of the security incident.

You may also want to watch:

An EACH spokesman said: “After discovering the attack, Blackbaud’s cyber security team successfully prevented the cyber attacker from blocking their system access and fully encrypting files, and ultimately expelled them from their system.

“The backup file was created at the point EACH moved data to an alternative hosting centre, with greater security controls, and our current database and information recorded since January 2017 has remained unaffected.

“Since we were notified in July, we have worked closely with Blackbaud to determine the extent of the breach for the organisation.”

Also targeted was the University of East Anglia which reported personal data stored by Blackbaud about former students had been stolen in an attack.

More: Charity sells record 1,100 items online in month

In a Q&A to donors the charity said the attack occurred at some point beginning on February 7 with the cyber-attacker in the system intermittently until May 20.

The spokesman added: “There is no need for our supporters to take any immediate action, but the security of personal data is of the utmost importance to us and we would like to apologise for any concern or distress this may have caused.

“We continue to work with Blackbaud and the Information Commissioner’s Office to investigate this incident further.”

If you value what this story gives you, please consider supporting the Eastern Daily Press. Click the link in the orange box above for details.

Become a supporter

This newspaper has been a central part of community life for many years. Our industry faces testing times, which is why we're asking for your support. Every contribution will help us continue to produce local journalism that makes a measurable difference to our community.

Latest from the Eastern Daily Press