You are here:

Data incident Tuesday 2 July 2019

At 9.00am on Tuesday 2 July, St John Ambulance was subjected to a ransomware attack. This has not affected our operational systems and we resolved the issue within half an hour.

This means that we were temporarily blocked from accessing the system affected and the data customers gave us when booking a training course was locked.

We are confident that data has not been shared outside St John Ambulance.

We’ve informed the ICO and the Charity Commission, as well as the police.


What is a ransomware attack?

Ransomware is a type of malicious software that gains access to files or systems and blocks user access to those files or systems.

What data of mine has been affected?

  • • Name of the person who booked the course
  • • Name of the person who attended (where different)
  • • Course attended
  • • Contact details provided
  • • Where a certificate has been issued, a delegate name
  • • Any other special requirement information that you gave us on booking
  • • Course costs that you have been charged
  • • Course outcome
  • • Invoicing details
  • • Where relevant, driving licence data

I gave you my credit card details – do I need to cancel it or change my bank account?

No. When you book a training course with us, whilst you must provide card details to pay, those details are processed by Barclaycard SmartPay, so go straight to our bank and are therefore not stored with us.

Have you informed the Information Commissioner’s Office (ICO)?

Yes, we’ve notified them in line with their regulations.

Have you told any other agencies?

Yes, as this is a crime, it has been reported to the police. We have also notified the Charity Commission.

Is my password affected?

No, no customer passwords were stored in the database that was affected by this incident.

Has my data been stolen?

No. The data affected was encrypted by a virus limited only to that system and therefore we were temporarily unable to access it. The issue is now resolved.

Who is affected?

This covers everyone who has opened an account, booked or attended a St John Ambulance training course until February 2019.

What kind of data has been affected?

The only data that has been affected relates to our training course delivery. It does not cover supplies, events, ambulance operations, volunteering, volunteer, data, employee data, clinical data or patient data.

When will you resolve the issue?

The issue was resolved immediately.

How can I trust St John to keep my data safe in future?

We work as hard as we can to protect our data systems from these types of attacks and employ a range of third party partners and cyber-crime solutions to continually update our protection.

What do I need to do now?

You don’t need to take any immediate action. However, if you work for one of our corporate customers, please pass this email on to the person in your organisation who is responsible for data protection.

If I have any other questions, who can I ask?

If you have any further questions, then please email

I previously asked you to not send me marketing emails – why have you contacted me now?

We have contacted you because this is important information about your account or your organisation’s account with us. If you have previously opted out of receiving marketing messages from us, this preference still stands.