The accounting software company has revealed that its network was compromised by an individual using an unauthorized internal login. It is not yet clear whether any information was released, and if so, how much, but Sage admitted that potentially hundreds of businesses could have been affected by the security failure.
Sage issued a statement concerning the data breach, which is believed to have been carried out by an internal agent, rather than a cyber attacker, and confirmed that the company was working with police and the Information Commissioners Office (ICO) to resolve the situation:
“We believe there has been some unauthorised access using an internal login to the data of a small number of our UK customers so we are working closely with the authorities to investigate the situation.”
Sage also stated that they would be communicating directly with those customers whose information may have been affected and that they would be proactively providing guidance and advice to customers on protecting their security.
It is not yet clear whether business data including addresses, National Insurance Numbers, and bank account details were put at risk, but the ICO confirmed that it was investigating:
“The law requires organisations to have appropriate measures in place to keep people’s personal data secure. Where there’s a suggestion that hasn’t happened, the ICO can investigate, and enforce if necessary.”