You may have seen in the media that a number of charities and academic organisations in the UK and the USA have had supporter data stolen in a cyber-attack.  Unfortunately Mayhew is one of those charities.

This data breach happened at a company called Blackbaud which provides supporter services to some of the UK’s biggest charities.

We were recently notified of the security breach by Blackbaud, although the breach happened between February and May. The cybercriminal, or hacker, demanded a ransom which Blackbaud paid.

Before Blackbaud was able to lock the cybercriminal out, a number of backup files containing personal information were stolen.

You can read Blackbaud’s statement on the incident here.

What information was involved

Firstly, we want to reassure you that no credit card or bank details were accessed in the breach.

We have determined that the file removed may have contained your name, address, phone number, email address, donation history, and in a few cases, your date of birth (which we can confirm if you contact us directly).

Mayhew takes the protection of our supporter’s data extremely seriously and we only work with third parties who can be trusted to do the same.

To protect the data, Blackbaud paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.

Blackbaud has reassured us that due to the nature of the incident, its research, and third party investigation (including police), it has no reason to believe that any data went beyond the cybercriminal, was or will be misused, will be sold or otherwise made available publicly. 

What are we doing

As part of Blackbaud’s ongoing efforts to prevent something like this from happening in the future, the company has already implemented several changes that will protect your data from any subsequent incidents.

Mayhew will review the improvements Blackbaud has made to its security and the protection of your data. We will seek reassurance that your data is being held safely. If necessary we will terminate our contract.

What you can do

As best practice, we recommend you remain vigilant and promptly report any suspicious activity, suspected identity theft or cybercrime to the most appropriate authorities.  If you think you may have been a victim of fraud or cybercrime, and live in England, Wales or Northern Ireland, you should report this to Action Fraud at www.actionfraud.police.uk or by calling 0300 123 2020.  If you live in Scotland, you should report to Police Scotland by calling 101.

For more information

We sincerely apologise for this incident and regret any inconvenience it may cause you. Should you have any further questions or concerns regarding this matter please do not hesitate to contact Mayhew on [email protected] or call on 0208 962 8000.