Data incident Tuesday 2 July 2019
At 9.00am on Tuesday 2 July, St John Ambulance was subjected to
a ransomware attack. This has not affected our operational systems
and we resolved the issue within half an hour.
This means that we were temporarily blocked from accessing the
system affected and the data customers gave us when booking a
training course was locked.
We are confident that data has not been shared outside St John
We’ve informed the ICO and the Charity Commission, as well as
What is a ransomware attack?
Ransomware is a type of malicious software that gains access to
files or systems and blocks user access to those files or
What data of mine has been affected?
- • Name of the person who booked the course
- • Name of the person who attended (where different)
- • Course attended
- • Contact details provided
- • Where a certificate has been issued, a delegate name
- • Any other special requirement information that you gave us on
- • Course costs that you have been charged
- • Course outcome
- • Invoicing details
- • Where relevant, driving licence data
I gave you my credit card details – do I need to cancel
it or change my bank account?
No. When you book a training course with us,
whilst you must provide card details to pay, those details are
processed by Barclaycard SmartPay, so go straight to our bank and
are therefore not stored with us.
Have you informed the Information Commissioner’s Office
Yes, we’ve notified them in line with their regulations.
Have you told any other agencies?
Yes, as this is a crime, it has been reported to the police. We
have also notified the Charity Commission.
Is my password affected?
No, no customer passwords were stored in the
database that was affected by this incident.
Has my data been stolen?
No. The data affected was encrypted by a virus limited only
to that system and therefore we were temporarily unable to
access it. The issue is now resolved.
Who is affected?
This covers everyone who has opened an account, booked or
attended a St John Ambulance training course until February
What kind of data has been affected?
The only data that has been affected relates to our training
course delivery. It does not cover supplies, events, ambulance
operations, volunteering, volunteer, data, employee data, clinical
data or patient data.
When will you resolve the issue?
The issue was resolved immediately.
How can I trust St John to keep my data safe in
We work as hard as we can to protect our data systems from these
types of attacks and employ a range of third party partners and
cyber-crime solutions to continually update our protection.
What do I need to do now?
You don’t need to take any immediate action. However, if you
work for one of our corporate customers, please pass this email on
to the person in your organisation who is responsible for data
If I have any other questions, who can I
If you have any further questions, then please email
I previously asked you to not send me marketing emails –
why have you contacted me now?
We have contacted you because this is important information
about your account or your organisation’s account with us. If you
have previously opted out of receiving marketing messages from us,
this preference still stands.