Bletchley Park visitors warned of data breach after Blackbaud ransomware attack

Bletchley Park visitors warned of data breach after Blackbaud ransomware attack

Some years ago I visited the fabulous site of Bletchley Park, home of the UK’s then-secret code-breaking efforts during World War II, where Alan Turing and other brilliant minds cracked encrypted messages sent by the Nazis.

So when I received a letter from Bletchley Park in the post today, I imagined it would invite me to return, containing information about how they’re handling visits during the pandemic.

Unfortunately, the news wasn’t so good.

Bletchley park letter

Part of the letter reads:

“We were recently notified by Blackbaud, one of our software suppliers, that they have suffered a data brech due to a ransomware attack of their own system. Blackbaud is one the world’s largest providers of customer relationship management services. You may be aware from the news that a significant number of universities and charities here and world-wide have been affected by the issue. Unfortunately, this list includes Bletchley Park Trust.”

“The breach contains some of your personal information, which may include one or more data fields, such as your name, title, date of birth, email address, donation history, mailing or e-newsletter list preference, event attendance or membership, depending on your engagement with the Bletchley Park Trust. However, we would like to stress that Blackbaud has assured us that the issue has been resolved and that the data is secure.”

The letter goes on to explain that Blackbaud discovered and stopped a ransomware attack against its systems in May, but took until 16 July 2020 to contact Bletchley Park and tell its data had been affected by the breach.

Blackbaud ultimately decided to pay the cybercriminals who attacked its systems and compromised the data of many organisations.

Sign up to our free newsletter.
Security news, advice, and tips.

As the letter describes, Blackbaud’s cybersecurity team believes that it is now storing data securely, and that it has “no reason to believe that any data went beyond the cybercriminal and that the data was deleted after they paid a ransom.”

Let’s hope they’re right.

In the letter the Bletchley Park Trust apologises “for any inconvience” and says that it is “extremely disappointed” that the security breach occurred.

Bletchley Park says that it is reviewing how it stores its data, and its future relationship with Blackbaud in light of the security breach.

Bletchley Park, and the attached National Museum of Computing, make for a terrific day out – and I strongly recommend you spend a day there if you get the chance.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Bletchley Park visitors warned of data breach after Blackbaud ransomware attack”

  1. Eric

    from your article "As the letter describes, Blackbaud’s cybersecurity team believes that it is now storing data securely"

    what exactly did they believe before?

  2. Paranoid Canuck

    "Blackbaud’s cybersecurity team believes that it is now storing data securely, and that it has “no reason to believe that any data went beyond the cybercriminal and that the data was deleted after they paid a ransom.”

    And if you believe that, I've got some great ocean view property for sale in central Saskatchewan.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.