The Woodland Trust has confirmed that it was hit with a cyberattack last month, describing the incident as “sophisticated” and “high level” – and it has taken many services offline.
The UK’s largest woodland conversation charity hasn’t detailed exactly what kind of cyber incident has taken place but said it is working with relevant authorities, including the police and the Information Commissioner’s Office (ICO), to determine if data has been compromised.
The Woodland Trust does say that it’s experiencing disruption as many systems are offline, affecting the ability to support “certain services” for members and supporters.
It’s believed the attack took place during the evening of 14 December 2020. The Woodland Trust hasn’t said when it discovered the attack, only that it “took immediate action” to mitigate it as soon as the organisation became aware of it, as well as bringing in third-party cybersecurity investigators.
“We understand this news will concern and worry our members and supporters. We would like to reassure you we are doing all we can to determine fully the nature and scope of the incident as quickly as possible, including as a priority what data, if any, may have been impacted.” the Woodland Trust said in a statement.
The charity added that if it’s found that personal information of members has been affected, it will notify them in accordance with GDPR.
IT systems have been disconnected to “avoid any further unauthorised access” and the Woodland Trust said it’s working with cybersecurity experts to resolve the situation.
While the charity, which plants trees and protects woods and wildlife, isn’t currently aware of data about its half a million members being accessed by cyber criminals, it has urged them to be cautious in the event of attempts to exploit any potentially stolen data.
“We are encouraging all our supporters to be mindful of any suspicious activity, especially unexpected emails or phone calls from unknown sources or purporting to come from your bank.”
The Woodland Trust told ZDNet: “We have been working hard, alongside a number of third-party experts including forensic IT specialists, to determine the nature of the criminal activity. This investigation is ongoing, and therefore there are details which are yet to emerge.”