The Wellcome Trust has informed the Charity Commission, Information Commissioner's Office and police that four staff members' email accounts have been compromised.
Today, the Wellcome Trust’s data protection team sent an email to people who may have been affected saying it had become aware of a breach on 13 August and subsequently reported it to the ICO, the Charity Commission and the police.
It said four Wellcome Trust staff members’ email accounts had been compromised between 12 November 2017 and 13 August 2018.
The charity said it has now ensured that the four email accounts are no longer compromised, and that no other accounts have been affected.
It said it is conducting a full investigation into how the breach happened and has taken measures to ensure it does not happen again.
A spokesperson for the Wellcome Trust confirmed the breach and said: "We are contacting people who we believe were in correspondence with the affected accounts."
In response, an ICO spokesperson said: “Organisations have a legal duty to ensure the security of any personal data they hold.
“We are aware of an incident involving The Wellcome Trust and will be making enquiries.”
A spokesperson for the Charity Commission confirmed that the Wellcome Trust had submitted a serious incident report and said it was "assessing the report to determine what, if any, regulatory role there is for the Commission as regulator".