Evide Data Breach
This page has been setup to keep our clients updated and informed about the recent security issue involving Evide Impact Limited (‘Evide’). We would like to make sure you have the facts about what happened, the information involved, and the steps we are taking to help protect you.
What is Evide?
Evide is an online database controlled by Evide Impact Limited which 21 Training captures data on participants in our training and uses to run reports this includes data on individuals including their education, to meet the requirement of our programmes.
What happened? (Statement from Evide Impact Limited)
“On 29 March 2023, Evide became aware of an incident whereby unusual traffic was detected on its network. Evide’s clients informed us that there was a message on our database that a server could not be found and we noticed that some servers had been deleted. Upon discovery of the suspicious activity, the affected servers and systems were immediately taken offline. We have been informed by the cyber-security specialists that in the course of the cyber security incident an unauthorised third party gained access to our IT systems. The unauthorised party has since made direct contact with us and provided some evidence that it has exfiltrated our clients’ data. Whilst we cannot guarantee that all client data has been exfiltrated at this stage, we are operating on the assumption that all of our clients’ data has been exfiltrated from our systems.”
What information was involved?
21 Training were in a testing phase with Evide and the data involved was mainly test data.. We know that only 8 clients were affected by this data breach. The data accessed may have included personal information such as; full names, address, contact numbers, email address, date of births and national insurance numbers. The data accessed did not include any financial or equality information.
What we are doing?
As a precaution, we have removed all data from the system and invalidated passwords of all user accounts and forced password resets. In addition, 21 Training have ceased using real client data on the Evide system until we understand the full extent of the attack and the investigation has concluded. We are also actively working closely with the Information Commissioners Office (ICO).
21 Training values your privacy and deeply regrets the occurrence of this incident. The Data Controller (Evide Impact Limited) are conducting a thorough review of those potentially affected with support from cyber security specialists, the police cyber security teams will provide further information as the investigation progresses. All significant developments regarding this investigation will be added to this page.
What you can do
Please see the personal information toolkit booklet from ICO, for further information on steps you can take to protect your information https://ico.org.uk/media/1042838/personal_information_toolkit.pdf.
For more information: if you have any questions, please feel free to contact our Data Protection Officer at dpo@21.training or call 028 7138 2260.