Phishing Incident August 2019
Collinson were subject to a phishing incident in August 2019 in which a number of our internal email accounts were potentially compromised. As a result of this, immediate actions were taken to enhance our systems and ensure that we mitigated any potential further attacks. This included:
- Securing staff email accounts;
- Enhancing the security of our email systems generally;
- Working with independent forensic analysts to analyse and improve our security processes;
- Implementing staff awareness training and tools to mitigate against future responses; and
- Notifying the Information Commissioner’s Office (ICO) and the Financial Conduct Authority (FCA).
We have assessed the data which has been potentially compromised and identified the clients and customers who need to be contacted and informed. We are in the process of notifying customers and have provided an email address for any queries.
The information below has been provided to give further information on the incident, but should you require any further details please email firstname.lastname@example.org.
Frequently Asked Questions (FAQs)
How was the data compromised?
On 13th August 2019, we were subject to a phishing attack in which a number of our internal emails were potentially compromised. We have reviewed these email accounts to identify any personal data which may have been accessed and are contacting those individuals. We have no reason to believe data has been used in any way.
What data has been accessed?
The types of data contained in the compromised records have been detailed in your email. This may be different for each customer so please refer to your original notification email for any specifics.
When did the incident happen?
The phishing email was received on 13th August 2019. We identified the incident within four hours and immediately secured our email systems.
Why did it take you so long to write to customers?
Containing the incident and mitigating any potential further attacks was our first priority. We took swift action to secure our systems and immediately launched an investigation to establish the relevant facts and understand what data had been exposed and for which individuals. We brought in independent forensic experts to assist and determine the extent of the potential exposure.
We have now received the results from the independent forensic investigation and immediately started contacting those affected to provide the relevant guidance and support. We have kept the Information Commissioner’s Office (ICO) fully updated on this incident and we implemented staff awareness and tools to mitigate against future responses.
What steps have you taken to address this lapse in security standards?
We have identified what happened and why it happened and took swift action to resolve the issue. Even though we have strict security processes and policies in place, in this instance, we fell short of our usual standards. We have taken all appropriate steps to ensure that we mitigated any potential further attacks and continue to thoroughly review our procedures in relation to data security.
Have you informed the Information Commissioner’s Office (ICO)?
We have kept the Information Commissioner’s Office fully updated on this incident.
Will customers receive compensation?
At present, we do not believe there is any basis for compensation. If any individual customers have specific concerns, they can contact us via email to email@example.com.
As a precautionary measure, to help protect your identity we have arranged a complimentary 12-month membership for you to an identity protection service, ID Sentry. Further details should be included in the original notification email advising you of this incident.
ID Sentry helps to keep your online personal and financial profiles safe and your identity protected. The service monitors the web for instances of personal or financial information that could increase the risk of identity fraud, together with monitoring against a database of compromised data collected from criminal websites, sometimes referred to as the ‘dark web’.
Do customers need to take any action?
Customers should always be vigilant and cautious when clicking on an unknown link or giving any details to an unverified or unknown party.
Who can provide further information on this incident?
If you wish to discuss this further, please put your query in writing and email to firstname.lastname@example.org.