A charity that protects and restores woodland in England, Northern Ireland, Scotland, and Wales has been targeted by a "sophisticated, high level" cyber-attack.
According to a security incident notification published by the Woodland Trust on its website, attackers gained unauthorized access to the charity's IT systems in December.
An investigation is under way to determine what, if any, data held by the Trust was compromised. Upon learning of the incident, the charity disconnected all of its IT systems in an effort to prevent any further unauthorized access from occurring.
"We believe the incident took place after 7pm on 14 December," stated the charity in its security notification. "As soon as we became aware of the incident, we took immediate action to mitigate the impact, appointing a number of third-party experts including forensic IT specialists and legal counsel, to determine the nature of the criminal activity."
The charity did not give a timeline for when the investigation into the incident will be completed.
Trust members were told: "Investigations of this nature take time due to the complexity of the work being carried out. As soon as new information becomes available, we will of course share further updates with you.
"In the event of confirmed data loss, we will identify and inform those affected immediately, in accordance with GDPR."
While the notification does not specify the type of information that may have been compromised in the attack, its wording suggests that contact details and financial data belonging to Trust members may have been exposed.
"We understand this news will concern and worry our members and supporters. We would like to reassure you we are doing all we can to determine fully the nature and scope of the incident as quickly as possible, including as a priority what data, if any, may have been impacted," states the notice.
"As a precaution, we are encouraging all our supporters to be mindful of any suspicious activity, especially unexpected emails or phone calls from unknown sources or purporting to come from your bank."
The charity said that relevant authorities have been notified of the attack, including the Information Commissioner's Office, the Charity Commission, and the police.