Interserve fined £4.4m for breach of data protection law

Interserve Group has been fined £4.4 million by the Information Commissioner’s Office (ICO) for breach of data protection law, following its failure to keep personal information of its staff secure.

The UK security watchdog found that the company “failed to put appropriate security measures in place to prevent a cyber attack”, which allowed hackers to gain access through a phishing email to the personal data of up to 113,000 employees.

The ICO said the compromised data included personal information such as contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information.

The cyber attack took place in May 2020 when an Interserve employee forwarded a phishing email, which was not quarantined or blocked by the company’s system, to another employee who opened it and downloaded its content. This resulted in the installation of malware onto the employee’s workstation.

Whilst the company’s anti-virus quarantined the malware and sent an alert, Interserve failed to thoroughly investigate the suspicious activity. A total of 283 systems and 16 accounts were subsequently compromised by the attacker, who was also able to uninstall the company’s anti-virus solution. Personal data of up to 113,000 current and former employees was encrypted and rendered unavailable.

The ICO investigation found that Interserve “failed to follow-up on the original alert of a suspicious activity, used outdated software systems and protocols, and had a lack of adequate staff training and insufficient risk assessments”, which left them vulnerable to a cyber attack.

John Edwards, UK Information Commissioner, said: “The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn’t regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn’t update software and fails to provide training to staff, you can expect a similar fine from my office.

“Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information. This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud.”


About Sarah OBeirne
