To NCCT residents, staff, and parents & guardians of NCCT nursery children
The Trustees would like it to be made known that:
In August 2022, NCCT’s software partner, Advanced, experienced a disruption to its systems. (Advanced owns NCCT’s legacy care management system, CareSys.) Advanced has since determined the disruption to be the result of a cybersecurity incident caused by ransomware and that personal data relating to Nazareth Care Charitable Trust was breached.
A ransomware attack against Advanced took place on the 2nd of August 2022. Nazareth Care Charitable Trust was notified of a temporary unavailability of access to the CareSys system on the 4th of August. Advanced took action to mitigate any further risk and isolated all environments where the incident was detected. On 13th September 2022, Advanced notified NCCT that there was some impact to data subjects under NCCT’s control. The final confirmation of a breach took place on the 26th of September.
What data was affected?
Throughout October and November 2022, NCCT has worked continuously with Advanced to identify the data subjects affected. Whilst the investigation is still ongoing, it has been evidenced that personal data relating to current and former residents, staff, and nursery children had been temporarily extracted. All the data has been recovered and restored in its entirety by Advanced, and there is no evidence of past or present misuse. Also, it has been established with certainty that no financial data was involved in the breach.
What are we doing?
NCCT is working with Advanced to identify and contact individuals whose personal data was affected. These investigations take time, and we are taking care to provide accurate information as quickly as we can. We are expecting to send individual notifications to people whose personal data was breached in the coming weeks where current contact details are available to NCCT.
Advanced has been working constantly to update and strengthen its cyber security defences to make future occurrences like this unlikely.
What can you do?
While there is no evidence that your personal information will be misused in this case, following these general Data Protection best practices and cyber security recommendations is always encouraged:
- it is always a good idea to use strong, unique passwords;
- resetting the passwords from time to time is also encouraged;
- look out for any suspicious link, phishing email or any fraudulent activity on your accounts.
We have set up a dedicated email address should you have any questions or concerns about your personal data. Please email our Data Protection team at: Data.firstname.lastname@example.org and we will respond as soon as possible.
We would like to assure you that we are doing everything to rectify this situation as a matter of urgency.