[BreachExchange] Sage Confirms Customer Data Breach
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Aug 15 18:49:55 EDT 2016
http://www.techweekeurope.co.uk/workspace/sage-customer-data-breach-196407
British software firm Sage has confirmed it is investigating a case of
“unauthorised access” to data that it said occurred at some point in the
past few weeks.
Sage, which makes business software including accounting and payroll
programs used by customers in 23 countries, said police are investigating
the breach and the data protection regulator, the Information
Commissioner’s Office (ICO), has been informed.
Customer data
The incident involved personal information relating to employees at 280 UK
businesses that are customers of Sage, such as employee bank account
details and salary information, and the data may have been either stolen or
merely viewed, according to a number of media reports citing unnamed people
with knowledge of the investigation.
The data was accessed by someone using an “internal” login, according to
Sage.
The company said it has notified the businesses affected and has advised
them to watch for any unusual activity.
“We are investigating unauthorised access to customer information using an
internal login,” Sage said in a statement. “We cannot comment further
whilst we work with the authorities to investigate – but our customers
remain our first priority and we are speaking directly with those affected.”
Insider threat
Computer security experts said data breaches caused by internal actors are
a growing problem due to the increasing amounts of sensitive data companies
handle.
As a result they advised organisations to put into place user-centric
identity and access management programmes.
A recent IDC study found that only 12 percent of the businesses surveyed
were highly concerned about threats posed by malicious insiders, with only
27 percent concerned about poor end-user security practices.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160815/73e34b04/attachment.html>
More information about the BreachExchange
mailing list