Unspecified Charity (General Case from Article)

A charity organization experienced a phishing-based cyber attack, the most common threat in the sector: phishing accounted for 83% of the breaches that charities reported in the Cyber Security Breaches Survey 2024. The attack led to a data breach involving donors' personal and financial details, including bank statements and National Insurance numbers, which were exposed after an employee acted on a fraudulent email. No ransomware was involved, but the incident caused reputational damage once local media reported the breach, eroding supporter trust. The charity also faced financial penalties for non-compliance with UK data protection law, on top of losses from fraudulent transactions initiated with the leaked donor data. Operations were disrupted when the charity paused its digital fundraising campaigns to contain the breach, further straining its budget during an economic downturn. The attack exposed weaknesses in staff training: the fraudulent email reached the employee and succeeded even though basic controls such as multi-factor authentication were in place. As the record below notes, this is a general case drawn from survey findings rather than a single investigated incident.

Source: https://charitydigital.org.uk/topics/the-best-cyber-security-training-and-resources-11587

TPRM report: https://www.rankiteo.com/company/outset---contemporary-art-fund

"id": "out3981439102725",
"linkid": "outset---contemporary-art-fund",
"type": "Cyber Attack",
"date": "10/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'charity/philanthropy',
                        'location': 'United Kingdom',
                        'name': 'UK Charities (general)',
                        'size': 'varied (SMEs to large organizations)',
                        'type': 'non-profit'}],
 'attack_vector': ['email', 'social engineering', 'malicious software'],
 'customer_advisories': ['Educate donors/supporters on how to verify charity '
                         'communications (e.g., avoiding phishing scams).',
                         'Transparently communicate data protection '
                         'measures to rebuild trust post-breach.'],
 'date_publicly_disclosed': '2024',
 'description': 'Cyber attacks can be harmful to any organisation, '
                'particularly charities, which rely on trust and goodwill. The '
                'Cyber Security Breaches Survey 2024 found that ~33% of '
                'charities experienced breaches in the last 12 months, with '
                'phishing (83%), impersonation (37%), and malware '
                '(14%) being the most common. Financial costs, reputational '
                'damage, and regulatory fines are key risks. Charities are '
                'advised to invest in cybersecurity training (e.g., NCSC, '
                'Smartdesc, VSL Learning) and tools (e.g., Cyber Essentials, '
                'web/malware checks) to mitigate threats.',
 'impact': {'brand_reputation_impact': 'severe (charities rely on public '
                                       'trust)',
            'data_compromised': 'potential (unspecified)',
            'financial_loss': 'potential (unspecified)',
            'legal_liabilities': 'potential (fines/sanctions under UK data '
                                 'protection laws)',
            'operational_impact': 'high (reputation damage, loss of trust)',
            'revenue_loss': 'potential (donor trust erosion)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'potential (if PII '
                                                    'compromised)',
                           'entry_point': ['phishing emails',
                                           'malicious links',
                                           'unsecured devices'],
                           'high_value_targets': ['donor databases',
                                                  'financial records',
                                                  'supporter contact lists']},
 'investigation_status': 'Ongoing (survey-based findings, no specific incident '
                         'investigated)',
 'lessons_learned': ['Charities are high-risk targets due to reliance on trust '
                     'and limited cybersecurity budgets.',
                     'Phishing and impersonation are the dominant threats; '
                     'training is critical.',
                     'Free/low-cost tools (NCSC, Cyber Essentials) can '
                     'significantly reduce risk.',
                     'Proactive measures (backups, password policies) are more '
                     'cost-effective than reactive responses.'],
 'motivation': ['financial gain', 'data theft', 'disruption'],
 'post_incident_analysis': {'corrective_actions': ['Mandate annual '
                                                   'cybersecurity training '
                                                   'for all staff/volunteers.',
                                                   'Allocate dedicated '
                                                   'funds for cybersecurity '
                                                   'tools/certifications.',
                                                   'Partner with NCSC or '
                                                   'cybersecurity charities '
                                                   'for pro bono support.',
                                                   'Develop a simple '
                                                   'incident response '
                                                   'checklist tailored to '
                                                   'small teams.'],
                            'root_causes': ['Lack of staff training on '
                                            'cyber threats.',
                                            'Insufficient budget '
                                            'allocation for cybersecurity.',
                                            'Over-reliance on legacy '
                                            'systems without updates.',
                                            'No formal incident response '
                                            'plan in many charities.']},
 'recommendations': ["Implement NCSC’s free training ('Cyber Security for "
                     "Small Organisations' and 'Staying Safe Online').",
                     'Adopt Cyber Essentials certification for baseline '
                     'protection.',
                     'Use NCSC’s free tools: Web Check, Mail Check, Early '
                     'Warning.',
                     'Invest in affordable training (e.g., Smartdesc at '
                     '£3/user/month, VSL Learning at £12/person).',
                     'Customize training to include charity-specific '
                     'scenarios (e.g., donor data protection).',
                     'Leverage discounted software via Charity Digital '
                     'Exchange.',
                     'Prioritize fraud awareness alongside technical '
                     'defenses.'],
 'references': [{'source': 'Cyber Security Breaches Survey 2024'},
                {'source': 'National Cyber Security Centre (NCSC) - Free '
                           'Training',
                 'url': 'https://www.ncsc.gov.uk/'},
                {'source': 'Smartdesc - Charity Cybersecurity Training',
                 'url': 'https://www.smartdesc.co.uk/'},
                {'source': 'VSL Learning - Cybersecurity Awareness',
                 'url': 'https://www.vsllearning.co.uk/'},
                {'source': 'Charity Digital Exchange - Discounted Software'}],
 'regulatory_compliance': {'regulations_violated': ['potential UK data '
                                                    'protection laws']},
 'response': {'communication_strategy': ['public advisories (e.g., Charity '
                                         'Digital Exchange)',
                                         'stakeholder education'],
              'containment_measures': ['staff training',
                                       'Cyber Essentials certification',
                                       'vulnerability scanning (NCSC tools)'],
              'enhanced_monitoring': ['NCSC Early Warning service'],
              'remediation_measures': ['password policies',
                                       'malware protection',
                                       'phishing defenses',
                                       'data backups'],
              'third_party_assistance': ['NCSC (training/tools)',
                                         'Smartdesc',
                                         'VSL Learning']},
 'stakeholder_advisories': ['Encourage board-level ownership of '
                            'cybersecurity risks.',
                            'Promote collaboration with peer charities to '
                            'share threat intelligence.',
                            'Advocate for government-funded cybersecurity '
                            'grants for non-profits.'],
 'type': ['phishing', 'impersonation (emails/online)', 'malware'],
 'vulnerability_exploited': ['human error (lack of training)',
                             'unsecured email systems',
                             'outdated software']}