Cyber Incident Victim: Association of Chairs
Date: May 2025
Location: United Kingdom
Summary
Association of Chairs lost access to its website domain and associated email addresses after a cyberattack, prompting a move to a new .co.uk domain and updated email addresses while confirming no personal data was compromised and member logins remained secure through its partner sheepCRM. The organization warned members not to engage with communications from the old domain, which is currently listed for sale, and is working with Nominet to regain control of the original domain while acknowledging support from its IT partners during the recovery.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Friday 23 May 2025 at approximately 4 pm the Association of Chairs lost access to its domain associationofchairs.org.uk as a result of a cyberattack, which also rendered all email addresses using that domain unavailable. The organisation immediately moved its website to the new domain associationofchairs.co.uk and updated internal email addresses to end with .co.uk instead of .org.uk, citing an example address such as [email protected]. Association of Chairs stated that there was no evidence that any personal data had been accessed or compromised and confirmed that members’ login details remained securely held by its software‑partner sheepCRM. Members were advised that they could continue to access their resources via the SheepApp or by using the members’ area button on the new website. The old domain associationofchairs.org.uk was later observed to display a notice that the website was up for sale at auction. Association of Chairs said it expected to regain control of the original domain in the coming days and would be engaging with Nominet, the UK’s national domain name registry, to facilitate that process. The organisation also noted that it had not received any emails sent to the former .org.uk addresses after 4 pm on 23 May.

Association of Chairs chair Joe Saxton said the organisation did not initially know whether the attackers were seeking data or attempting to monetise the organisation’s payment system. Chief executive Liz Lowther reported that steps to secure the organisation’s systems were taken within minutes of the attack, including issuing warnings across multiple channels not to reply to any emails or requests originating from the old domain and to avoid using the website until further notice. Staff and suppliers worked throughout the subsequent bank holiday weekend to address the issue. In a LinkedIn post days after the incident the Association thanked its trusted IT suppliers Ave, sheepCRM and Transpeed Ltd, noting that their senior teams remained available over the weekend, providing practical help and personal kindness. The post added that the suppliers’ professional guidance and reassurance made a significant difference to the speed of resolution and that choosing to work with reliable, security‑focused partners had helped limit the harm of the attack. Association of Chairs indicated that it would share lessons learned from the episode in order to assist other organisations and expressed hope that supporters would continue to back its return to business as usual.
