Blackbaud data breach

What has happened, how it impacts you, and what we are doing about it

Who are Blackbaud?

Blackbaud is one of the world’s largest providers of customer relationship management systems for not-for-profit organisations and the higher education sector.

How does The Migraine Trust work with Blackbaud?

We use Blackbaud to host our database of supporters and have done so since 2011. Until this incident, there have been no issues relating to their hosting of our database.

What happened?

We were contacted by Blackbaud in July informing us that they had been the victim of a data hack in May 2020. This involved the removal of a subset of data from a number of their clients, including The Migraine Trust.

A forensic investigation was undertaken for Blackbaud by third-party cyber security experts. Blackbaud have confirmed that the investigation found that no encrypted information, such as bank account details or passwords, nor credit card or other financial information was accessible.

Is there any risk to my personal data?

Whilst details of some of our supporters were within the data set which was hacked (including names, addresses, emails, dates of birth, telephone numbers, reasons for supporting The Migraine Trust and details of support services used) we have been assured by Blackbaud that the risks to our supporters is low. There is no evidence of any personal data being used and, to the best of their knowledge, they consider that all accessed details have since been deleted. All financial data was encrypted and, therefore, was not accessed.

However, we would urge caution when receiving any suspicious emails, correspondence or calls – anything that may appear unusual or out of the ordinary to you. We are always more than happy to confirm to you if any correspondence is from us or to provide verifying details.

What are we doing about the situation?

We immediately launched our own investigation and have taken the following steps:

  • We are notifying you so that you are aware of this breach of Blackbaud’s systems and can remain vigilant
  • We have informed the Information Commissioner’s Office (ICO) and the Charity Commission
  • We are working with Blackbaud to understand how the incident occurred, their response and preventative actions being taken going forwards
  • We are monitoring the situation and will take further actions where needed