Sage, a UK business software provider, has recently experienced a huge data security breach. To update the previous report: on Wednesday, the police arrested one of their employees. A 32-year-old woman who was arrested, is the primary suspect. Since then, she has already been released on bail.
Currently, it still remains unknown what kind of information, if any, has been leaked. Despite of that, Sage began notifying their customers of the breach one week ago.
It is now estimated that about 200 to 300 UK business clients may have been affected, and the reason behind the data security breach lies in unauthorized access to their login data.
Sage’s software is used in the processing of payroll data. In order to complete this task, Sage collects several pieces of sensitive personal information, including addresses, bank account numbers, and insurance numbers; all of which were potentially at risk at the time of the breach.
When contacted about the arrest, Sage did not make any comments. Regardless of that, security experts claim that this situation makes for a good example why internal data security should be a high concern for every company. One of the ways this issue be minimised is by restricting employees from gaining full access to the company’s data.
Chris Webber, security strategist at Centrify, commented that access should be linked to individual accounts. That way, the company would always have the option of quickly revoking such access in case things go wrong.
Mimecast added that another security measure would be to have companies start monitoring the activities of their employees while they are accessing sensitive data.