Interserve hit by data breach - 100,000 people get data stolen

News by Rene Millman

One of the UK government’s “strategic suppliers” is recovering from a cyberattack which took place over the weekend that may have seen the details of up to 100,000 people stolen.

A company that is one of the UK government’s “strategic suppliers” and maintains a number of schools and hospitals as well as transport networks such as the London Underground, is recovering from a cyberattack which took place over the weekend that may have seen the details of up to 100,000 people stolen.

Hackers hit the infrastructure of Interserve over the weekend and accessed a human resources database at the outsourcing firm on 9 May and stole information on current and former Interserve employees, a company insider told the Telegraph.

Detail taken include employee names, addresses, bank details, payroll information, next of kin details, HR records, dates of absences and pension information.

In a statement, Interserve confirmed it had been subjected to a cyberattack.

“Interserve is working closely with the National Cyber Security Centre (NCSC) and Strategic Incident Response teams to investigate, contain and remedy the situation. This will take some time and some operational services may be affected. Interserve has informed the Information Commissioner (ICO) of the incident. We will provide further updates when appropriate,” the statement read.

“Interserve’s employees, former employees, clients and suppliers are requested to exercise heightened vigilance during this time.”

Niamh Muldoon, senior director of Trust and Security at OneLogin, told SC Media UK that it is a shame that Interserve, a company which helped build the Birmingham Nightingale hospital, has been targeted by hackers in this way.

“But this demonstrates how all enterprises need to step up their prioritisation of security in order to protect personal data. Attackers know that many organisations are not taking a strong enough stance when it comes to access security. Once they have a set of valid credentials, it is easy to compromise corporate applications, particularly SaaS Apps including HR Systems, File Storage Services and CRMs,” she said.

“Multi factor authentication (MFA) is currently the best method by which organisations can protect themselves from such attacks, proven to prevent 99.9 percent of account takeovers. Whether it be a soft token, hard token, certificate or SMS, companies should look at implementing MFA across the board.”

Kelvin Murray, senior threat research analyst at Webroot, told SC Media UK that health and education sectors are common targets for cybercriminals throughout Covid-19.

“The inherent weakness in their cybersecurity is one factor, but the value in their data is another. In this case, hospital data can be used in insurance fraud, drug prescription forgery, extortion or as a means to enable future attacks on the service or the individual victims. The sheer size and scope of the healthcare industry and the fact that the public sector uses many contractors and outside parties makes it a difficult task to admin and secure. Likewise, in education, we have seen valuable research being a constant target in recent years,” he said.

Another construction firm, BAM, also appeared to have suffered a major data breach. According to a report by Building magazine, a spokesperson said that it has been the subject of a “significant cyberattack”.

In a statement, BAM Construct UK said: “We have stood up extremely well to a significant cyber-attack on our business, which forms part of the wave of attacks on public and private organisations supporting the national effort on Covid-19. Supplier and employee payments are being made and so it is, for our clients, subcontractors and our teams, pretty much business as usual.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews