Cyber Incident Victim: National Childbirth Trust

On April 6, 2016, the National Childbirth Trust (NCT), a UK-based charity supporting expectant and new parents, discovered a data breach compromising registration details of 15,085 users of its website. The unauthorized access affected email addresses, usernames, and encrypted passwords stored during user registrations. NCT leadership, including CEO Nick Wilkie, immediately initiated incident response procedures upon identifying the breach. The organization confirmed no financial information or additional personal data beyond registration credentials was accessed or exposed, as such details were not stored in the affected system. Within 24 hours of discovery, NCT directly notified all impacted individuals via email on April 6, explicitly advising them to change their NCT website credentials and any other accounts using identical login details as a precautionary measure despite the password encryption.

The charity concurrently reported the incident to law enforcement and the UK Information Commissioner's Office (ICO) in compliance with data protection obligations. In communications to affected users, NCT emphasized the encrypted nature of the compromised passwords while maintaining transparency about the breach scope. The London-based organization, headquartered in Euston Square, clarified that its website registration system did not collect or store sensitive personal or financial data, limiting potential harm to credential exposure. No technical details regarding breach methodology, attacker identity, or system vulnerabilities were disclosed publicly. NCT's response focused on rapid user notification, credential reset guidance, and regulatory reporting without speculating about attack origins or providing mitigation strategies beyond password hygiene. The incident impacted a subset of the charity's broader user base, which serves hundreds of thousands of parents annually through its support services.