
Counting the Cost of a Data Breach – Accountancy Firm Sage Hacked

Accountancy software firm Sage has suffered a data breach, in which "personal details and bank account information for employees of as many as 300 large UK companies may have been compromised."

Sage announced that they were "investigating unauthorised access to customer information using an internal login". City of London police are currently investigating to determine who was responsible.

Sage's Website message:

We believe there has been some unauthorised access using an internal login to the data of a small number of our UK customers so we are working closely with the authorities to investigate the situation.

Our customers are always our first priority so we are communicating directly with those who may be affected and giving guidance on measures they can take to protect their security. If you have any concerns at all, you can reach us on the following contact details:

The dedicated helpline number is 0845 145 3345 - please leave a message with your details and we will get back to you as soon as we can. You can also get in touch with us by emailing us at customercontact@sage.com.

Weak password practices by employees are responsible for 65% of data breaches, so it’s no surprise that once again the attack vector is unauthorised credential-based access. It has not yet been disclosed how the internal login details were obtained: whether by social engineering, insecure storage of passwords, or simply a weak password that was easy for a hacker to work out.

Should the ICO decide that Sage have been negligent, the sanctions imposed could range from forcing an external audit of the firm to criminal prosecution. The cost to the organisation won’t be limited to remedying the damage or implementing a solution; reputational and financial damage can be significant, with Sage’s share price opening 4% down after news of the data breach.

When employees have to manage multiple passwords, security is often the first compromise. 2 out of every 3 attacks focus on credentials, and 63% of confirmed breaches involve taking advantage of weak, default or stolen passwords. It’s no surprise that credentials were responsible for the latest Sage breach; what is surprising is that they left themselves vulnerable to a credential-based attack.

[Update 17th August 2016]: City of London police have arrested a 32-year-old employee of Sage at Heathrow airport in connection with a fraud investigation.

Video: Check out how a 2,000-Employee Business Eliminated Insider Threat by Using My1Login.
