The Evangelical Alliance have been the victims of a significant cyber-attack over the Easter weekend, resulting in the corruption and deletion of the personal and financial data we hold.
You can read our statement regarding the attack here.
Below are some of the frequently asked questions you might find helpful regarding what has happened and how this may affect you.
Please know we are deeply sorry for the inconvenience and worry this attack will have caused you, be assured we are continuing to investigate the root causes of this event and to work on strengthening both our technical and organisational security measures to prevent it happening again.
We hold personal information such as names, addresses, and emails. If we have ever taken payments from you or received Direct Debits from you, we also collect financial information, such as account name, number, and sort code. We only hold information you have given us; we do not buy lists or personal data from third parties.
Both our contact and financial databases have been affected by the cyber-attack, these databases have been corrupted by ransomware and our backups deleted. We are not able to confirm if the data was stolen before it was corrupted and deleted, but it would be wise to be cautious. Our forensic investigation is still ongoing and we will be in touch with our contacts again in one week’s time to update you.
Be wary of any calls or emails you receive and don’t automatically click on links in an unexpected email or text. We strongly recommend that you follow the six steps outlined by Action Fraud which we shared in our statement and in our email to our contacts. Please read the six steps in our statement here.
Your data may have been simply deleted, or it may have been stolen. The results of the forensic investigation should hopefully tell us which was the case, and so we will be in touch with our contacts to update them in a week’s time. So far, the investigation has found no evidence of the data being made available elsewhere, but we still urge you to be cautious, as above.
Despite stringent security controls, the Evangelical Alliance, like all of us, is at risk of being targeted by cyber criminals. We deeply value our members and your information, and we are committed to understanding how this attack was able to happen and what we can do to ensure it cannot happen again. We await the forensic team’s report and will be back in touch to update our contacts with our findings in one week’s time.
As soon as we discovered this incident, we immediately took our systems offline. In addition, we launched a forensic investigation led by external experts to identify exactly the extent of the breach and whether our contacts' information is involved. We have emailed our contacts to let them know what happened and what steps they should take to protect themselves, and we will be back in touch to update our contacts with our investigations in one week’s time.
External experts are forensically investigating the incident as a matter of urgency and we are implementing measures to enhance our security and further protect your data, verifying every aspect of our work to make sure that there is no further risk as we re-establish operations in the safest possible way.
The Evangelical Alliance were the victims of a significant cyber-attack over the Easter weekend, and our databases have been compromised. We have launched a forensic investigation led by external experts to identify exactly the extent of the breach and whether our contacts' information is involved.
As outlined in our privacy policy, the length of time we keep the information you have given us depends on the context in which you provided it. We will only keep information that is necessary for us to provide membership mailings, other resources and for statistical purposes. We will keep records of any financial transactions you enter into with us for a minimum of six years. This will enable us to meet with accounting requirements and respond to any questions from you that arise during that period. Gift Aid declarations and transactions must be kept for a minimum of 12 years after the Gift Aid is no longer valid.
Due to the nature of the attack, our up-to-date databases were corrupted and deleted. We have been using archived unaffected backups to inform you about the data breach. This means we have not been able to use current information to contact you, so you may have been contacted at an older address, if you have cancelled your membership in recent years or on behalf of someone who has passed away. We are sorry for any inconvenience, pain or confusion this may have caused. Please do contact us at help@eauk.org with your correct information and we will update our records as soon as we are able to.
These incidents are complex and resource intensive and any thorough investigation requires time to be comprehensive and accurate. We do ask for your patience as we rebuild our database. We will respond to requests on the information we hold once our system is reinstalled. You may request details of all the information the Evangelical Alliance holds about you by submitting a request to our membership team. Please write to: The membership team, Evangelical Alliance, 176 Copenhagen Street, London, N1 0ST, or telephone 020 7520 3830 or email help@eauk.org
Please contact the membership team to ask for any updates to, or removal of, your data. Please write to: The membership team, Evangelical Alliance, 176 Copenhagen Street, London, N1 0ST, or telephone 020 7520 3830 or email help@eauk.org.
As we work to secure and rebuild our databases, we will be unable to immediately action requests to delete personal information. However, we are working hard to be up and running as quickly as possible and will action requests within the legal three month timeframe.