The National Childbirth Trust (NCT) has suffered a data breach that has exposed the registration details of 15,000 people.
The NCT has emailed those affected to explain about the situation and apologise for the loss.
In a statement the NCT confirmed the incident but stressed that no financial information was at risk.
"[The leaked] details are limited to their email address and the username and an encrypted version of the password that they created to register on the site. We stress that no financial or personal details are held as part of this data so no financial or personal details have been compromised," it said.
"The breach occurred and was discovered on Wednesday, upon which we contacted everyone affected telling them about the breach and advising that they change their username and passwords."
It also confirmed it had informed the Information Commissioner's Office (ICO).
The security community has been quick to comment on the breach.
"This incident at the NCT will be a wake-up call for people. But it's not the first. Certainly it will provide a clear message to chief execs that if something like this happens they can expect to be paraded in front of a voracious media. And they'd better have some good answers to some tough questions," said Simon Crosby, CTO and co-founder of Bromium.
"Businesses have no excuse that they were not aware or prepared for such attacks. They'll need to prove that they took all reasonable steps to protect themselves. How they respond may be the difference between a damaging incident and fatal disaster."
David Gibson, VP of strategy and market development at Varonis, agreed that how the NCT reacts will be critical.
"Burying your head in the sand and hoping nothing bad will happen isn't an option these days, so companies should absolutely have a plan for what happens after they discover a breach," he said.
"Just like it would be silly not to have a plan for a fire in the building, it doesn't make sense not to have a response plan for a data breach.
"At a minimum, it's critical for companies to identify what may have been stolen or deleted and what their obligations are to customers, partners, shareholders etc.
"Different types of information have different disclosure requirements, so it's important for companies to understand what kind of data they store and what those obligations are so they can plan accordingly."
We have asked the NCT for its comments, and have checked with the Information Commissioner's Office about an investigation.
To hear more about security challenges, the threats they pose and how to combat them, sign up for V3 sister site Computing's Enterprise Security and Risk Management conference taking place on 24 November.
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal