ST JOHN AMBULANCE has admitted that it this week became the casualty of a ransomware attack.
The first aid charity said in a post on its website that the attack, which struck on Tuesday 2 July, didn't affect its operational systems and was, impressively, resolved within half an hour. St John Ambulance confirmed to INQ that no ransom was paid, adding that its "IT teams worked hard to isolate and resolve the issue as soon as we became aware of it."
Though it's "confident" that data has not been shared outside St John Ambulance, it fessed that the data of everyone who has opened an account, booked or attended a training course until February 2019 was affected.
This data includes names, courses, contact details, costs, invoicing details and, in some cases, driving licence data. No passwords or credit card details were taken, and no records have been doctored.
"The only data that has been affected relates to our training course delivery," the charity notes. "It does not cover supplies, events, ambulance operations, volunteering, volunteer, data, employee data, clinical data or patient data.
"You don't need to take any immediate action. However, if you work for one of our corporate customers, please pass this email on to the person in your organisation who is responsible for data protection."
St John Ambulance said it's informed both the Information Commissioner's Office (ICO) and the Charity Commission about the breach, along with the police.
"We have received a report from St John's Ambulance and we will assess the information provided," an ICO spokesperson confirmed to INQ.
St John concluded: "We work as hard as we can to protect our data systems from these types of attacks and employ a range of third-party partners and cyber-crime solutions to continually update our protection. µ
The scales fall from their eyes
Grater than the sum of its parts