The Evangelical Alliance have been the victims of a significant cyber-attack over the Easter weekend, resulting in the corruption and deletion of the personal and financial data we hold.
You can read our statement regarding the attack here.
Below are some of the frequently asked questions you might find helpful regarding what has happened and how this may affect you.
Please know we are deeply sorry for the inconvenience and worry this attack will have caused you, be assured we are continuing to investigate the root causes of this event and to work on strengthening both our technical and organisational security measures to prevent it happening again.
We hold personal information such as names, addresses, and emails. If we have ever taken payments from you or received Direct Debits from you, we also collect financial information, such as account name, number, and sort code. We only hold information you have given us; we do not buy lists or personal data from third parties.
Both our contact and financial databases have been affected by the cyber-attack, these databases have been corrupted by ransomware and our backups deleted. Our investigations showed no evidence that the data was stolen, but it is wise to remain cautious and vigilant.
Be wary of any calls or emails you receive and don’t automatically click on links in an unexpected email or text. We strongly recommend that you follow the six steps outlined by Action Fraud which we shared in our statement and in our email to our contacts. Please read the six steps in our statement here.
Following our cyber forensic investigation, we have no evidence of the data removed from our system or being made available elsewhere, only that it was deleted. But we still urge you to be cautious, as above.
Despite stringent security controls, the Evangelical Alliance, like all of us, is at risk of being targeted by cyber criminals. We deeply value our members and your information, and we are committed to understanding how this attack was able to happen and what we can do to ensure it cannot happen again. Following our investigations we are responding strongly to ensure all our systems and processes are as secure as possible.
As soon as we discovered this incident, we immediately took our systems offline. In addition, we launched a forensic investigation led by external experts to identify exactly the extent of the breach and whether our contacts' information is involved. We have emailed our contacts to let them know what happened and what steps they should take to protect themselves.
External experts have forensically investigating the incident as a matter of urgency and we are implementing measures to enhance our security and further protect your data, verifying every aspect of our work to make sure that there is no further risk as we re-establish operations in the safest possible way.
The Evangelical Alliance were the victims of a significant cyber-attack over the Easter weekend, and our databases have been compromised. We launched a forensic investigation led by external experts to identify exactly the extent of the breach and whether our contacts' information is involved.
As outlined in our privacy policy, the length of time we keep the information you have given us depends on the context in which you provided it. We will only keep information that is necessary for us to provide membership mailings, other resources and for statistical purposes. We will keep records of any financial transactions you enter into with us for a minimum of six years. This will enable us to meet with accounting requirements and respond to any questions from you that arise during that period. Gift Aid declarations and transactions must be kept for a minimum of 12 years after the Gift Aid is no longer valid.
Due to the nature of the attack, our up-to-date databases were corrupted and deleted. We have been using archived unaffected backups to inform you about the data breach. This means we have not been able to use current information to contact you, so you may have been contacted at an older address, if you have cancelled your membership in recent years or on behalf of someone who has passed away. We are sorry for any inconvenience, pain or confusion this may have caused. Please do contact us at [email protected] with your correct information and we will update our records as soon as we are able to.
These incidents are complex and resource intensive and any thorough investigation requires time to be comprehensive and accurate. We do ask for your patience as we rebuild our database. We will respond to requests on the information we hold once our system is reinstalled. You may request details of all the information the Evangelical Alliance holds about you by submitting a request to our membership team. Please write to: The membership team, Evangelical Alliance, 176 Copenhagen Street, London, N1 0ST, or telephone 020 7520 3830 or email [email protected]
Please contact the membership team to ask for any updates to, or removal of, your data. Please write to: The membership team, Evangelical Alliance, 176 Copenhagen Street, London, N1 0ST, or telephone 020 7520 3830 or email [email protected].
As we work to secure and rebuild our databases, we will be unable to immediately action requests to delete personal information. However, we are working hard to be up and running as quickly as possible and will action requests within the legal three month timeframe.