Wildlife charity RZSS which runs Edinburgh Zoo among victims of Blackbaud cyber attack

The wildlife conservation charity which runs Edinburgh Zoo is among a number of organisations worldwide to have fallen victim to a cyber attack on cloud computing provider Blackbaud.

Wednesday, 29th July 2020, 12:47 pm
Updated Wednesday, 29th July 2020, 1:39 pm

Royal Zoological Society of Scotland (RZSS) chief executive Davd Field has sent an email informing charity supporters of the data breach which resulted in personal details like names, postal addresses, phone numbers and emails being accessed.

But RZSS says all financial security details they hold are encrypted so this information will remain secure following the cyber attack in May.

The RZSS joins a growing list of organisations to issue data breach alerts which includes the UK's National Trust and terminal illness charity Sue Ryder.

Sign up to our daily newsletter

The i newsletter cut through the noise

Wildlife charity RZSS, which runs Edinburgh Zoo, is among the victims to the Blackbaud cyber attack. Pic: Lisa Ferguson

The RZSS understands there is no evidence to suggest the data has been or will be used and described the risk as "low," although supporters have been urged to stay vigilant and report any suspicious activity - such as receiving bills or goods you did not order - to Police Scotland on 101.

‘Very worrying’

One RZSS member, who joined the conservation charity so he could take his daughter on regular visits to Edinburgh Zoo, said he was shocked to receive the warning.

He continued: "It is clearly not the fault of the RZSS as the people who do these hacks are very sophisticated, but it is very worrying that this happened.

"Receiving notification, basically a warning, that my data could have been compromised is pretty shocking and I'm naturally concerned that my private details have been taken.

"It means I will have to be extra-vigilant and if anything out of the ordinary appears to be happening then I will contact Police Scotland, as advised by the RZSS.

"After losing so much income during the lockdown we are keen to support them in any way we can and the last thing Edinburgh Zoo needs is a data breach scare."

The UK's Information Commissioner's Office (ICO) told the BBC that 125 organisations - including dozens of universities - had reported to it in relation to the incident "so far".

Th BBC has also reported that Heriot-Watt University is among the organisations which have been hit.

Around the world, it is understood museums, schools, churches and food banks have been affected.

Blackbaud has said that it became aware of the matter in May, and subsequently paid the attackers a ransom. However, the US firm only advised its clients of the breach this month which is why notices are only now being sent to members of the public.

And although Blackbaud has said the cyber-criminals had provided confirmation that the stolen data was destroyed, it can not be guaranteed that such an assurance can be trusted.

RSZZ has notified the Information Commissioner's Office of the data breach as well as the Office of the Scottish Charity Regulator.

RZSS chief executive David Field said: “We have recently been informed by one of our suppliers about a cyber-attack which has affected many organisations and charities, including RZSS.

“All financial data was encrypted and remained secured. Personal information relating to some of our supporters was accessed, including names, addresses, postcodes and email addresses, but we understand this data has since been destroyed and the risk is therefore very low.”