News / 3 August 2020

Blackbaud update

We are making you aware that Unseen is among a number of charities and universities affected by a data incident involving Blackbaud, a third-party company hosting our supporter database.

We take data protection very seriously, which is why we use Blackbaud - the sector leader - to provide our database services. We very much regret to inform you, a valued member of the Unseen community, of this incident.

Details of the breach

We were informed by Blackbaud on 17 July 2020 that our data was involved in a cyber attack where a copy of data from a number of its clients was removed. The data included information on Unseen’s supporters.

Since then, we have been undertaking our own investigation to discover who and what type of data might have been affected and any actions that we need to take.

Data which may have been affected

Blackbaud has confirmed to us that:

  • it has conducted an investigation (involving law enforcement agencies);
  • no passwords, credit card details or bank account information were affected; and
  • it obtained confirmation that the data removed by the cybercriminal was destroyed;
  • it has no reason to believe that any data went beyond the cybercriminal, was or will be misused or will be disseminated or otherwise made available publicly. 

Please see www.blackbaud.com/securityincident for further details.

We understand that, although contact details, name and information regarding your engagement with Unseen were removed during the attack, data affected is low risk.  

The steps we have taken

We have taken the following actions in response to this incident: 

  • commenced a thorough investigation, including consulting with Unseen’s lawyers on the nature of the incident and any actions that need to be taken
  • informed the Information Commissioner’s Office (ICO) about the breach;
  • asked Blackbaud to detail the steps that it will take to ensure that it will not be affected by similar incidents in the future.

You do not need to take any action in relation to this incident.

However, we encourage you to remain vigilant and report any unusual activity in the normal way. Unseen will never contact you and ask you to provide your bank details or payment card information over the phone or email so we would advise you to be cautious should you receive such a request.

If you ever wish to verify a communication you have received from Unseen, you may do so by calling 0303 040 2888 or by emailing admin@unseenuk.org.

We very much regret that our supplier has been subjected to this breach in security which has affected our community of incredible supporters. Unseen takes data protection very seriously; you can read our privacy policy here. If you would like more information about your rights over your personal data, please visit the ICO website.

We will let you know if there is any action you need to take in the future.

If you have any questions regarding this incident, please contact admin@unseenuk.org