The MS Society has written to approximately 25,000 of its web users to warn them their personal information may have been accessed by hackers.
Supporters who registered with the charity’s forum, used the “contact us” form online, or contacted the charity by phone or email, may have become victims of malicious software discovered on its website, the charity said.
But it said financial information of donors was not at risk as the donation page was run by a separate part of the site.
The risk was identified on Friday and “immediate action" was taken to protect users' information, the charity said.
Michelle Mitchell, chief executive of the MS Society, said: “As soon as we discovered the malicious software, we took the relevant part of the website down and immediately notified the Information Commissioner’s Office.
“We have since notified the Charity Commission. We have worked as quickly as possible to identify which individuals’ details were at risk and how, and to contact those affected as quickly as we could.”
Mitchell said she was “extremely shocked” that the charity was targeted and will “conduct a full investigation into what happened”, including an investigation into why its IT security systems did not prevent the attack.
"The security of the information we hold is of the utmost importance to us and we have taken immediate steps to improve our website systems,” she said. “We can provide reassurance that we have since upgraded the levels of security on our website systems."
Quarterly figures by the Information Commissioner’s Officer revealed that 53 charities suffered data breaches in the six months to March this year – more than double the amount the same time last year.
Charities are now the fourth most likely category of organisation to fail to properly protect data, the ICO revealed.
In 2013, the Nursing and Midwifery Council received a £150,000 fine after it lost three DVDs containing patient information.
Last year, the British Pregnancy Advice Service (BPAS) was fined £200,000 after a hacker accessed 10,000 users’ details. Information line
The MS Society advised its web users to change their password “at their earliest opportunity for all websites that they use the same password for”. But it said no further action was needed by anyone at this time.
The charity has set up a dedicated Information Security Freephone number for people who might be affected to call.
The line will be open between 9am and 8pm Monday to Friday and 9am and 6pm on Saturday and Sunday. It can be accessed on 0800 151 2391 or 0330 159 3820.
Safeguarding data will be among the topics discussed at the Charity Technology Conference in November. Today is the last day for early bird bookings. Click here for more information about what's on the programme and to book.