Last week one of our staff had their Outlook email account targeted and hacked.
The attack was sophisticated with the perpetrator using a VPN through a Manchester data centre to gain access to the individual's email inbox. Once inside, they were able to see a number of member and other stakeholder email addresses. It is not known at this stage where the attack originated from in the world, but our IT experts are working in close collaboration with Microsoft and others to investigate.
As soon as we became aware of the incident, we initiated our internal protocols in respect of data breach management. We also shut down the staff member's email account. We engaged the support of the Information Commissioner's Office, IT specialists and our legal advisers.
Our IT company immediately began a full and thorough investigation. They have assured us that our iMIS member database has not been compromised, nor any financial systems, nor have any of our other IT infrastructure assets due to our own VPN and other protective measures being in place. As we are working remotely, they have also checked all staff laptops and have confirmed them to be clean with all security measures up to date.
Our investigations indicate that just under 1,700 people had their details compromised. We have contacted all those affected.
I would like to publicly apologise for any inconvenience that may have been caused by this attack and offer our reassurance that we are taking all appropriate steps to ensure that this never happens again.
We will inform individuals should the results of our investigation suggest further impact on the processing of their personal data and urge anyone that received the phishing email to delete it immediately. As an additional precaution, and in line with our incident response protocol, we request all users of MYPMI update their passwords as soon as possible.
If you have any queries, please contact us here.
Last update: 22 September 2020