Members area

Loading...

Register

Don't have a login?

Join us

Become a member

  • Connect with others through events, workshops, and campaigns
  • Discover information and insights in our resource hub and receive the latest updates via email
  • Access one-to-one support and tailored services which help reduce barriers for deaf children
Donate
Open Search popup
Menu Open mobile desktop menu
  • Home >
  • Data Security Incident FAQs

Data Security Incident FAQs

1. What has happened?

Recently we were informed of an IT security incident by a third-party research partner we sometimes use to carry out supporter surveys. They informed us that one of their data sub-processors had been the victim of a cyberattack in August 2023. It is possible that some of the National Deaf Children’s Society’s data may have been maliciously accessed.

2. Whose data was affected?

A group of supporters and donors who we had selected to approach to take part in a survey project in September 2022.

3. What data was included?

  • salutation (either first name, or title and surname)
  • email address and postcode
  • information on previous donations (if applicable)

No sensitive information (e.g. passwords), financial information (e.g. bank details), or information about deaf children was included. Such information was never passed to this supplier.

4. Why do they have my details for surveys? At what point was I opted in and was I asked?

We provided limited data to our third party to enable them to coordinate a survey project on our behalf to help us understand our supporters better and communicate more effectively with them in the future.

All supporters are directed to our Privacy Policy when they first decide to give to us, and this policy explains the fact that we carry out research and use external organisations to support us in this.

5. Can we be sure that this won’t happen again? What extra safeguards have now been put in place?

All of our supporter data has been deleted from the third party supplier. We will be reviewing the outcome of our third party’s investigation into the breach and assessing whether they could have done more to protect against the attack. A specialist cybersecurity contractor will be monitoring for any sign of future malicious use of the data.

6. How do we know bank details were not affected? Is this because the third party doesn’t hold this information?

Bank details were never provided to this supplier as they were not relevant to the activity we carry out with them. The National Deaf Children’s Society’s own database was not part of the attack and has not been compromised.

7. Why weren’t supporters informed earlier?

It was confirmed on 21 September that the National Deaf Children's Society supporter data may have been accessible to the cyberattackers, following an investigation by the subcontractor concerned, and we promptly took steps to communicate to the affected supporters.

We did not want to cause any unnecessary upset or distress by getting in touch before we fully understood the nature of the breach and the potential impact or indeed confirmation that our supporters' data was involved.

8. Is all data held by the National Deaf Children Society affected?

No, only information on supporters and donors who were part of the survey project. This included a selection of people who have supported us now or in recent years.

Contact us

If you have any further questions, please call 0800 138 6585 (9am to 5pm on Mondays, Tuesdays, Thursdays and Fridays; 9am to 12:30pm on Wednesdays) or email [email protected].