The homelessness charity Centrepoint has warned supporters that their data might have been stolen in a major cyber attack.
The charity told supporters that their data was potentially part of a data breach last month after a sub-contractor of the survey company About Loyalty was hacked.
About Loyalty works with many of the UK’s biggest charities and previously told Third Sector that criminals had accessed the information by hacking a subcontractor called Kokoro.
Charities that were caught up in the hack included the RSPCA, Friends of the Earth, Dogs Trust and Cats Protection.
Centrepoint contacted supporters on Friday about the incident – about a month after the attack.
The charity said it was writing “as a precautionary measure with the intent of providing reassurance”.
It told supporters the breach could include surnames, email addresses, the initial part of their postcodes and their historical donation details – for example, donation dates, annual accounts and volunteer status – but no banking or financial information was involved in the incident.
“Importantly, there is currently no evidence to suggest that your data has been shared, and the information they hold about you is exceedingly limited,” the charity said.
It added that it notified the Information Commissioner’s Office, which is investigating the breach, Action Fraud and relevant law enforcement after learning of the hack.
A Centrepoint spokesperson said: “We take our responsibility for protecting supporters’ information very seriously. We have taken all necessary measures to ensure their data is protected and will continue to strengthen our security protocols.
“We deeply regret if any of our supporters have been affected by this data breach and would encourage everyone to treat any unsolicited or suspicious emails with caution.”
When previously asked about the hack, a Kokoro spokesperson said: “We can confirm that we recently experienced an IT security incident in which an unauthorised third party gained access to part of our systems.
“We launched an immediate investigation with the support of external IT security specialists and engaged in mitigation, containment and recovery measures.
“We are confident that the incident has now been contained and there is no ongoing risk to our systems, and we have notified those whose data has been impacted.”