Data breach at the MS Trust

30 September 2020

What happened?

Like many charities, the MS Trust uses a database platform run by a company called Blackbaud to manage and record all our information, engagement and fundraising activities. Blackbaud are one of the world’s largest providers of customer relationship management systems for not-for-profit organisations.

We were told by Blackbaud on July 30 that some of our data has been breached. The MS Trust is one of more than 100 charities including the National Trust that have been affected by a ransomware attack on Blackbaud.

Blackbaud has assured us that the risk to MS Trust and our supporters is extremely low and that the data did not include credit card, bank details or passwords. Blackbaud has also said that they have no reason to believe that any data was, or will be, misused. Blackbaud has confirmed that they understand the data that was stolen has been destroyed.

How has MS Trust responded to the situation?

The MS Trust takes data protection and charity law responsibilities seriously.

A report was made to the Information Commissioners Office (ICO) and to the Charity Commission when we became aware of this breach. We also launched an internal investigation to quantify the extent of the breach. A data audit was then carried out so that we could determine who has been affected and take appropriate action. This was a complex process that took time to complete.

We are contacting supporters that have been affected to update them on this incident.

We are working with Blackbaud to understand the detail of the security enhancements they have put in place to minimise risks for the future.

What should you do?

We do not believe that there is any need for our supporters to take any action. We suggest that they remain wary of any unexpected communications and continue to be cautious of any suspicious emails, letters, or phone calls, and promptly report any suspicious activity to the proper law enforcement authorities.

We do apologise for any inconvenience that the data breach at Blackbaud may have caused.

If you would like to speak to a member of our team or you have any questions about this incident, please contact: