12 August 2020

On Thursday 16 July 2020, Child Bereavement UK was contacted by one of our third-party service providers, Blackbaud, who informed us of a data security incident in their system that was discovered in May 2020. Child Bereavement UK and many other charities and institutions have been affected by this incident.

Blackbaud is one of the world's largest providers of customer relationship management systems for the not-for-profit sector.

Upon discovery of the data security incident, the Blackbaud cyber-security team was able to remove the cybercriminal from their system. However, it is understood that the cybercriminal was able to make a copy of the data stored on the Blackbaud system.

We have been assured that the risk to Child Bereavement UK, our service users and supporters is very low, as Child Bereavement UK does not store any credit card information or bank details of its supporters, and passwords were encrypted. Blackbaud has also informed us that there is no reason to believe that any data was or will be misused.

You need take no specific action at this stage but please remain vigilant and report any suspicious activity to the police or other law enforcement authorities.

You can find further information from Blackbaud about the incident here.

Our service users and supporters are very important to us. We have formally notified the Information Commissioner’s Office (ICO). We have also launched our own investigation into the incident with Blackbaud and are seeking advice about any further actions that may need to be taken.

We apologise for any inconvenience or concern caused as a result of this incident. If you have any questions about this incident or how we use your personal information, and would like to contact us about this, please email Supporter Care.