Following on from our email yesterday regarding a problem with one of our email accounts, we wanted to update you on the current situation.What we know:
- Yesterday afternoon, at around 14:20 an email was sent pertaining to be from Simon, with the subject line ‘SAS Accounting Services Ltd – 21-01-2020’ or similar.
- Some contacts emailed Simon back to confirm the legitimacy of this email, others phoned or sent text messages. At this point we knew we had an issue and contacted our IT Support company. They swiftly took action and changed the passwords on our email servers. This procedure was completed by around 14.30.
What we have done:
- Our initial thoughts were to stop the threat and IT support changed our email passwords.
- We sent out an email around 15.20 yesterday afternoon to our contacts (held within a separate data source) giving a brief explanation that we had had an issue.
- This morning, we also posted on social media and our website about the issue we encountered, in an attempt to make contact with as many people as possible who may have been affected.
- We reviewed our systems and confirmed that, to the best of our knowledge, this issue was isolated to one email account and email contacts. The email sent out, again to our knowledge, did not disclose the other email addresses that it was being sent to or any details of other recipients.
- On reviewing our email portal, we discovered that in addition to the emails being sent, a rule had been set up to move all incoming emails to the deleted folder and mark as read. This would explain why those contacts who immediately replied by email were not acknowledged.
- We have reviewed all other systems and cannot detect any unexplained activity or loss of data; our email system is separate to all other systems where we hold data.
- Given the information above, we concluded that this breach carried a neutral risk to individuals and telephoned the ICO helpline. We discussed the issue with them and based on their advice we made a record within our breach log.
What we are doing:
- We are currently having our complete IT system scanned to ensure they are secure. If we discover anything else, then of course we will update accordingly.
- We are in discussions with our IT Support on the ways we can improve our email security to ensure we are not exposed to further threats.
Initially we would like to apologise for any inconvenience caused by this issue, we take these matters very seriously and will do our best to ensure it doesn’t happen again; improving our security where we can.
Secondly, we would like to thank everyone for their co-operation in assisting us rectify the issue. Many of the emails were detected by the recipient’s junk folders, however the contact we did receive helped us deal with the threat promptly.
In summarising what has happened, we hope that not only will it alleviate any concerns raised, but it will also highlight the form an email attack may take.
Should you have any concerns on any of the points raised here, please feel free contact Simon directly on 01206 656131