Notification of a personal data breach affecting constituents of Maccabi GB
We are sorry to inform our supporters / constituents of a personal data breach that has taken place at Blackbaud, one of the largest global software firms in the charities sector and Maccabi GB’s CRM provider. Thankfully we believe the risks to individuals are low. But we want our supporters to be aware of the incident so they can be alert to anything that seems unusual, and because we believe providing this information is an important way to reduce any risks further.
On Thursday 16th July, Blackbaud notified Maccabi GB of a security incident that occurred in their systems. At this time, we understand they discovered and stopped a ransomware attack. After discovering the attack, their Cyber Security team—together with independent forensics experts and law enforcement—successfully prevented the cybercriminal from blocking their system access and fully encrypting files, and ultimately expelled them from their system.
Prior to being locked out, the cybercriminal removed certain information, and this included a copy of our backup file containing personal information of Maccabi GB supporters. This occurred at some point beginning on 7 February 2020, and the cybercriminal could have been in the system intermittently until 20 May 2020.
What Information Was Involved
It is important to note that the cybercriminal did not access any credit card information, bank account information, or any other financial information. However, we have determined that the file removed may have contained contact information, demographic information, and a history of the individual’s relationship with our organisation, such as donation dates and amounts as well as any events attended.
Blackbaud paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, their research, and the investigation by Blackbaud (including law enforcement), we have no reason to believe that any data went further than the individual, was or will be otherwise misused, or will be disseminated or otherwise made available publicly.
What We Are Doing
We are letting our supporters know so that they can take any action they feel necessary to protect themselves. Ensuring the safety of our constituents’ data is of the utmost importance to us.
As part of their ongoing efforts to help prevent something like this from happening in the future, Blackbaud have informed us that they have already implemented several changes that will protect the data that they hold from any subsequent incidents.
First, they were able to quickly identify the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it. They have confirmed through testing by multiple third parties, including the appropriate platform vendors, that their fix withstands all known attack tactics. Additionally, they are accelerating their efforts to further harden their environment through enhancements to access management, network segmentation, and deployment of additional endpoint and network-based platforms.
We want to also reassure you that Maccabi GB will be conducting our own investigations which will include determining if we retain the services of Blackbaud as a third-party supplier.
Although we do consider that the risks to individuals are low, we decided that it was appropriate for this incident to be reported to relevant regulators, and accordingly we have promptly notified the Information Commissioner’s Office (ICO).
What You Can Do
We recommend you remain vigilant.
· You should be cautious of communications claiming to be from Maccabi GB but which seem suspicious to you.
· Please promptly report any suspicious activity to us, and any suspected identity theft to us and to the proper law enforcement authorities.
· You can find further advice at www.actionfraud.police.co.uk.
For More Information
We sincerely apologise for this incident and regret any inconvenience it may cause you. Should you have any further questions or concerns regarding this matter and/or the protections available to you, please do not hesitate to contact Daniel Morris at 020 8457 2333 or firstname.lastname@example.org.