As previously announced the BDA was the victim of cyber criminals over the summer.
As soon as we became aware of the incident, we took immediate steps to contain the malicious activity and remove the threat. This resulted in us taking our servers offline. At this stage, we also notified both our staff and our members about this incident.
Our incident response plan also involved informing the relevant authorities such as the Information Commissioner's Office (ICO), the UK's data protection authority. We have also been working with third party forensic IT experts to investigate the incident and mitigate the potential impact.
Our IT team has rebuilt our systems on a new network. This involved rebuilding our servers from scratch, which has lowered the risk of a reoccurrence of the malware responsible for this attack. We have also continued to enhance our IT infrastructure following this incident.
We understand that this may have caused some uncertainty for our members and friends of the association, particularly with regards to data. Although investigations remain ongoing, only a very small amount of personal data has been impacted, limited to our own HR records and we have made individuals aware where it is appropriate for us to do so. If you have not heard from us directly over the last week, then you do not need to take any further action.
We apologise for the uncertainty that this incident may have caused. We would also like to reiterate our thanks to everyone for their patience and understanding.