On 23 May 2025, the Association of Chairs experienced a cyber attack that resulted in the temporary loss of access to its website and domain. The organisation responded swiftly, with staff identifying the issue within minutes and initiating security protocols. Fortunately, no personal data was compromised, as member login information was securely managed by their software partner, SheepCRM. The charity also confirmed that it suffered no financial loss.
As a precaution, the Association launched a new website under a different domain—switching from @.org to @.co.uk address—and updated its internal email addresses accordingly. Members and supporters were promptly informed through multiple channels, with a warning not to interact with the compromised domain. The incident was reported to the National Fraud Bureau via Action Fraud, and a thorough internal investigation is underway.
Lessons learned
- Rapid Response is Critical: The organisation’s quick identification and containment of the breach helped minimise disruption and risk.
- Secure Data Partnerships Matter: Outsourcing sensitive data to a trusted CRM provider helped protect member information.
- Communication is Key: Transparent and timely updates to stakeholders helped maintain trust during the incident.
- Preparedness Pays Off: The robustness of the Association’s systems and its ability to pivot to a new domain demonstrated strong operational resilience.
- Sector-Wide Risk: The Association highlighted that around 30% of charities face cyber attacks annually, underlining the importance of sector-wide vigilance.
Looking ahead
In light of this incident, the Association of Chairs has committed to reviewing and strengthening its cybersecurity protocols and plans to share its learnings to support other organisations in the sector.
Resources
For additional support, we recommend reviewing the National Cyber Security Centre (NCSC) small charity guide, aimed specifically at smaller charities to help improve cyber security.
How PEM can help
To support charities in strengthening their cyber resilience, we have published a number of articles providing guidance on cybercrime on our website including our latest from March 2025, and we will be running a Cyber Recap session in December 2025. This session will cover recent threats, practical prevention strategies, and lessons from real-world incidents like this one. More details will be provided in due course.
Learn more and get advice
Get in touch with our Charities team if you’re looking to learn more about how this could affect your charity or non-profit organisation.
Please note that this content is not intended to give specific technical advice. It is designed to highlight some of the key issues rather than provide an exhaustive explanation of the topics. Professional advice should always be sought before action is either taken or refrained from as a result of information contained herein.
