Cyber Incident Victim: Woodland Trust

The Woodland Trust, the UK's largest woodland conservation charity, experienced a sophisticated cyberattack in December 2020 that significantly disrupted its operations. The organization detected unauthorized activity on its network and immediately implemented containment measures upon discovery, though the exact date of initial compromise remains unspecified. Charity officials characterized the incident as a "high-level" attack but did not publicly identify the specific attack vector or threat actor involved. As a precautionary measure, Woodland Trust disconnected multiple IT systems from its network to prevent further unauthorized access, resulting in widespread service outages. The organization engaged third-party cybersecurity investigators and forensic IT specialists to analyze the breach while coordinating with law enforcement agencies and the UK Information Commissioner's Office (ICO) to determine potential data exposure.

One month after the attack (as of January 2021), numerous core IT systems remained offline as investigators continued assessing the scope and nature of the intrusion. The charity maintained this extended downtime to ensure forensic integrity and prevent secondary compromises while rebuilding affected infrastructure. Although Woodland Trust had not confirmed any data exfiltration or compromise of member information at that stage, it acknowledged the ongoing investigation might reveal such impacts. The organization committed to notifying affected individuals under GDPR regulations if personal data was confirmed to be compromised. Operational disruptions persisted during the recovery phase, with the charity prioritizing system security over rapid restoration. Public communications emphasized collaboration with cybersecurity experts and authorities while withholding specific technical details due to the active criminal investigation.