News giftDonate
Friday 09th October

Data Security Incident

Dear CFI member/supporter,  

We are informing you about a data security incident that occurred through a third-party service provider that hosts data from Cystic Fibrosis Ireland (CFI).  

We understand that this data security incident has impacted many organisations worldwide, including many universities and charitable organisations. 
Following a recent discussion by the CFI Board and recent clarification and confirmation from the provider, CFI is contacting our members and supporters to alert them about this incident and how we have responded: 

  • CFI has written to the Data Protection Commission and provided a full report 
  • Following a review, CFI is commencing the process of removing all of our data from this third-party provider 
  • CFI is informing our members and supporters about this incident and these actions and to ask them to remain generally vigilant, including looking out for fraudulent e-mails (phishing).  

What happened? 

In late July 2020 CFI received notification of a data security incident from a third-party service provider. The provider is one of the world’s largest providers of customer relationship management (CRM) systems for the not-for-profit and education sectors. They advised us that they were the victim of a ransomware attack.  CFI were informed that the incident did not involve account or credit card details. CFI sought further information and clarification from the provider about the incident, which we received on the 7th of October. They have given us further confirmation that they stand by their original advice to us, that is, no account or credit card details were involved in the incident.

While this is reassuring news in the circumstances, we sincerely regret this data security issue. The CRM keeps us in touch with you and our supporters and is a vital part of our work. We take data security at Cystic Fibrosis Ireland extremely seriously. Please know we will continue to monitor and strengthen our data security protections internally and amongst our third-party providers.  

CFI will of course provide updates on our website www.cfireland.ie on any further significant developments in regard to this incident (should they arise) and you can contact us as always at info@cfireland.ie