Telecoms provider Sure has apologised to staff and suppliers after discovering internal emails may have been hacked.
Sure confirmed it has been targeted in a phishing attack and some personal information including names, addresses and bank details may have been stolen.
It has sent a letter out to 400 suppliers and past and present staff in the Isle of Man, Guernsey and Jersey warning of the data breach.
One member of staff in the Isle of Man contacted the Examiner to say: ’My name, address and banking data has been affected by this breach of security.
.jpeg?width=209&height=140&crop=209:145,smart&quality=75)
’If highly secure company servers and emails were accessed what other secure data may have been accessible to an attacker?’
The letter, marked ’private and confidential’ but leaked to the Examiner, was sent out by Sure’s information security and data protection officer on July 24.
It states: ’I am writing to inform you of a recent incident that may have resulted in some of your information held by Sure being accessed by an unauthorised party.’
It explained that IT staff discovered that in the early hours of Sunday, July 14, there had been unusual log-in activity from seven suspicious countries relating to a Sure staff email account.
The suspect email account was immediately locked down and access credentials changed.
But the letter said a ’detailed forensic investigation’ into the incident then discovered that some internal emails had been accessed by the attacker.
’There is potential that some information relating to you may have been viewed or accessed by the attacker,’ it warned.
The information includes details Sure uses to pay claims and expenses - limited to name, address, bank account and sort code.
details
No details on values and times of payments have been exposed. Payroll is not affected and no customers’ information has been compromised.
Sure said it ’sincerely apologises’ for the incident and is reviewing how it shares and processes information of this type internally. It says it believes the risk to staff is low.
The data breach has been notified to the Information Commissioner in the Isle of Man.
In a statement, Sure’s chief security officer Tim Stonebridge, said the loss of data was the result of human error.
He said: ’Sure has been targeted by a phishing attack which has resulted in the disclosure of fewer than 400 suppliers’, employees’ and former employees’ data across the three islands of Guernsey, Jersey and the Isle of Man.
’The data was limited in nature and no existing customers’ data has been compromised.
’Contacting those affected has been our priority and we have now informed them and offered relevant advice, as well as making the data protection authorities in each island aware of the attack.
’The loss of data was the result of human error and only affected one staff email account which our systems identified and subsequently shut down. The attack was contained and Sure’s systems were never compromised.
’While the data that has been stolen cannot be used in isolation, we have advised those affected to be extra vigilant.
’We’d like to apologise to all those who have been affected. Security is of paramount importance to Sure and our employees undergo regular cybersecurity training.
’We are constantly reviewing our training programmes and will use this example to inform future learning.’
Comments
This article has no comments yet. Be the first to leave a comment.