The charity and membership organization for heritage conservation in England, Wales, and Northern Ireland has been contacting volunteers by email to notify them of the breach.
National Trust data exposed as a result of the ransomware attack on Blackbaud belongs to past and present volunteers and applicants for the trust’s volunteer program.
Compromised information includes name, date of birth, gender, address, and contact details. The Trust assured its volunteers that while some sensitive information pertaining to equality monitoring was affected, no financial data was exposed.
In an August 7 email to users of its volunteer program, the National Trust’s CIO, Jon Townsend, wrote: “Our membership systems and data were not affected.”
Townsend said Blackbaud reached out to the Trust in July to inform them about the cyber-attack. The company said that all the data stolen in the attack related to Blackbaud’s systems only and has since been destroyed.
The National Trust has reported the incident to the Information Commissioner’s Office, the UK’s regulator for data protection. The organization has set up an email address that any concerned volunteers can contact for more information about the data breach.
In the August 7 breach notification email, Townsend wrote: “On 16 July 2020 we were contacted by Blackbaud, the company that holds some of our volunteering data, to tell us that they’d been the victim of a cyber-attack.”
Townsend told Trust volunteers that no action was required from them and apologized for any concern that may have been caused by the breach.
“We take data protection extremely seriously at the National Trust,” wrote Townsend. “We’re looking again at the security of how data is managed and working closely with Blackbaud to discover exactly what happened.”
Source: Infosecurity Magazine