The Flagship Group cyberattack is still causing problems for the Norwich-based housing company with many of their systems and services still offline.
According to the company, they were hit by a major cyberattack on the 1st November, which took many of their systems offline and reduced their available services. To prevent further issues worsening, Flagship Group has taken further systems down, and it is understood that some systems have now been inaccessible for the week.
The BBC says that Flagship Homes own and manage 31,000 homes in England and employ over 1,200 people in their repairs, facilities, heating and maintenance departments. The numbers in terms of anyone who may be affected by the data breach are currently unknown, but these figures could mean that a substantial volume of information is at risk of exposure.
What we know about the Flagship Group cyberattack
The Flagship Group cyberattack appears to have started on the 1st November 2020. It is currently unknown exactly how many people may have been affected, or what data has been breached or compromised.
Flagship Group has confirmed that the cyber-attack was caused by ransomware known as Sodinokibi.
Flagship Group has taken appropriate actions to stop the spread of the attack by taking systems and services offline. Despite their quick response, it has been announced that some personal and staff data has been compromised.
A statement from Flagship Group’s currently unavailable website says:
‘We’re sorry our systems haven’t been working as normal. Unfortunately, on Sunday 1st November 2020, a major incident occurred, taking most of our systems offline, and limiting some of our services available to you.
‘We can assure you we are working tirelessly to bring our systems back online and we apologise for any inconvenience caused at this time.’
Flagship Group has informed the Information Commissioners Office (ICO), Action fraud and the Regulator for Social Housing about the data breach. This is in addition to being advised by the National Cybersecurity Centre and the National Crime Agency.
Data involved in the breach
It is currently unknown exactly what information has been affected in the Flagship Group cyberattack. We know from experience that data breaches of this type can include incredibly sensitive and personal information.
In a breach that could be similar in terms of the nature of the company’s business, the Watford Community Housing data breach that we represent people for resulted in a wealth of personal and sensitive data being leaked for residents. This included information such as contact details, disability data, sexual orientation information, and ethnic origin details.
With the Flagship Group, as a letting agency, there is at least the possibility of financial and payment card information being included in the breach. However, it is important to stress that the details as to what has been compromised is currently unknown.
From what we can gather from Flagship Group’s official statement, it appears as though someone may have fallen for a phishing scam and personal information is being held for ransom. If this is the case, the company may have been locked out of their own systems as a result of hackers encrypting files, which usually then means the target will be asked to pay a fee for systems to be decrypted.
What happens next?
Any victim of the Flagship Group cyberattack must be informed as soon as possible. The company has a duty to inform everyone affected as soon as they can.
At present, we understand that they are still conducting their investigations, but customers and employees alike should be incredibly vigilant of being targeted for scams and fraud. If anyone is advised of being affected, we are on hand to help.
Our team works from 9am to 10pm on most weeknights, and our office is also open 9am to 5pm on weekends.
As a leading firm of data breach compensation lawyers, we represent thousands of claimants across over 50 different multi-party and Group Actions. We offer No Win, No Fee representation for eligible clients as pioneers in this complex and niche area of law.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Matthew on November 06, 2020
Posted in the following categories: Cybersecurity Data GDPR Hacking News Latest Ransomware Scammers Security Technology and tagged with cyber attack | cyber crime | cybersecurity | data breach | data controllers | database security | online security | personal data | phishing scams | ransomware