Conservation charity The Woodland Trust has disclosed that it is investigating a cyber attack that appears to have taken place on 14 December 2020, which forced it to put its work on hold and disconnect all of its IT systems to prevent further intrusion or damage.
Since uncovering the attack, which it described as “sophisticated” and “high-level”, the organisation has been working with third-party forensics experts and legal counsel to determine what happened – but only now is it notifying supporters and partners by letter.
At the time of writing, the trust is unable to process orders for new memberships or new tree or woodland dedications. Its fundraising platform for woodland dedications is offline – although it is still accepting donations via the JustGiving service – as are its shop and a number of ongoing competitions.
In a statement posted to its website, the organisation said: “As soon as we became aware of the situation, we took immediate action to mitigate the impact and notified the relevant authorities, including the Information Commissioner’s Office, the Charity Commission and the police.
“We have been working hard to determine the nature of the attack and assess if any data we hold may have been compromised. We are sorry for the concern this incident may cause and are committed to supporting you.
“We understand this news will concern and worry our members and supporters. We would like to reassure you we are doing all we can to determine fully the nature and scope of the incident as quickly as possible, including, as a priority, what data, if any, may have been impacted.
“We understand knowing the nature of any data that may have been impacted is important and would like to reassure you that this is a priority area of the investigation. We are working hard to conclude our investigations and should we need to notify anyone whose information has been impacted, we will of course do so at the earliest opportunity, in accordance with the GDPR [General Data Protection Regulation].”
The charity did not put a date on when its systems are likely to be up and running again, but said it would issue more details as its investigation progresses. Nor did it disclose the exact nature of the attack, although some elements of its response to date imply that it may have had its data encrypted and possibly exfiltrated in a ransomware attack. Note that this is unconfirmed.
Out of caution, members and supporters should be alert to any suspicious activity, including unexpected emails or phone calls from unknown sources, or purporting to be from their bank or credit card provider.