Blackbaud Data Breach

August 2020

On 16th July 2020, APF was notified of a cyber security incident involving Blackbaud’s servers in May 2020. Upon discovering the incident, Blackbaud removed the cybercriminal from their system. However, it is understood that the cybercriminal was able to make a copy of data held by Blackbaud at the time. This may have involved data from databases of many charities including APF. For APF, this data includes details of our fundraisers, supporters and those we support, such as contact details and their interactions with APF.


Blackbaud have communicated that there is a very low risk of this information being shared, and they have received assurances that the copy of data taken by the cybercriminal has been destroyed. Blackbaud are working with law enforcement and cybersecurity specialists to further minimise the already low risk to the data affected.


However, at APF we take security of the data we hold very seriously. As a matter of urgency we have:

·        Liaised with Blackbaud to understand which APF data may have been included in this incident

·        Sought confirmation from Blackbaud on steps they have taken to minimise risk and to ensure data is protected to the highest standards going forward

·        Reported the data breach to the ICO (Information Commissioner’s Office) and the Charity Commission

·        Where any health information has been recorded, we have notified individuals to make them aware of this incident


We do not record financial information (such as credit card details) or personal documentation (such as copies of identification) on our database.


While there is a low risk to anyone whose details are recorded on APF’s database, we would urge everyone in our community to continue to practice the usual caution around suspicious or unexpected communications.


If you are concerned or have further questions, please contact us at


Useful information:

APF’s Privacy Statement

Further information from Blackbaud regarding this incident