St John Ambulance was the victim of a ransomware attack last Tuesday and has reported the incident to relevant regulators, who are now assessing if any further action is needed.
The first aid charity said the attack took place at 9am on 2 July and temporarily blocked it from accessing data that its customers had given it when booking a training course.
Ransomware attacks are a type of cyber attack where hackers access to sensitive data and then threaten to publish it unless a ransom is paid.
The charity said the attack relates to the details of everyone who has opened an account, booked or attended a St John Ambulance training course until February 2019.
The data that was affected includes the names of the course attendees, their contact details, invoicing details, and, where relevant, driving license data.
However, St John Ambulance said it is confident that this data has not been shared outside the charity and that the breach was resolved within half an hour and with no effect on its operational systems.
It has reported the attack to the police, the Information Commissioner’s Office and the Charity Commission.
Regulators to assess
Both the ICO and the Charity Commission confirmed they had received a report from St John Ambulance and said they would assess the information.
A Charity Commission spokesperson said: “We are aware of a data breach at St John’s Ambulance. The trustees have submitted a serious incident report to the Commission, in line with our guidance, and we are currently assessing the charity’s response to determine our next steps.”
An ICO spokesperson said: “We have received a report from St John's Ambulance and we will assess the information provided.”
‘No action required’
St John Ambulance said in a statement that any customers affected by the ransomware attack do not need to take “any immediate action”.
It added: “However, if you work for one of our corporate customers, please pass this email on to the person in your organisation who is responsible for data protection.”
The charity also said it would internally review how the data breach happened.
A spokesperson for the charity said: "We take the security of our data very seriously and would like to reassure everyone who has received an email from us about this recent incident that we are confident no data has been shared outside of St John Ambulance.
"Our IT teams worked hard to isolate and resolve the issue as soon as we became aware of it and no ransom was paid.
"We are undertaking a review to examine how attackers were able to gain access to block the system, and we are putting processes in place to guard against this happening again."