Amey has joined the growing list of construction companies affected by hacks, after suffering the blow of a ransomware attack in mid-December last year. The Amey cyberattack reportedly exposed extensive company data, including information relating to employees and business transactions.
With much of the data being dumped on the hacker group’s leak site, the cyberattack has produced a substantial breach of company privacy that could significantly affect the operations of the infrastructure support service provider. As a giant of the industry, the Amey breach will likely raise concerns in the UK construction sector, with other companies worrying if they may be the next target.
The impact of the Amey cyberattack
It is understood that a ransomware group were able to breach computer systems for Amey on or around 16th December, from which point they may have had access to a large quantity of company information
The data exposed is reportedly varied and extensive, comprising of financial documents such as bank statements, identity documents like passport and driving license scans, and business partnership agreements. Much of this data is believed to be included in a file dump that the hackers have published on their leak site.
The unauthorised insight external third parties have obtained into the company’s employees, deals and transactions constitute a severe breach of privacy that could compromise business relationships. Employees of Amey will likely be wondering if their employers have protected their information sufficiently, and business partners may be reconsidering the trust they invested in the company.
Construction companies at risk
As mentioned above, the Amey cyberattack is not the only attack to have affected the construction industry last year. Over the course of a four-month period, BAM Construct, Interserve and French-based company Bouygues have also been affected by external breaches of computer systems.
The Amey cyberattack is still under investigation from the ICO, which received the report of the breach on 14th December. It is not yet clear if any system insecurities may have allowed the hackers to gain access, or if there are any changes that need to be made to data protection measures going forward.
If construction companies are to protect themselves from cyberattacks in future, lessons will need to be learnt from the hacks they have already suffered. This could involve introducing more cybersecurity defences or imposing more rigorous employee procedures.
Making a data breach compensation claim
In cases where companies are found liable for cyberattacks, those affected by information exposure can often be eligible to make compensation claims against the organisation in question. While the responsibility of Amey has not yet been ascertained, in many data breaches, it transpires that data exposure could have been avoided if there had been sufficient data protection measures in place.
At Your Lawyers – The Data Leak Lawyers – as leading data breach claims solicitors, we are here to help any victims of data breaches claim compensation for any distress that they have suffered. We can also look at claims for losses and expenses incurred as a result of having private data leaked as well.
In the age of the GDPR, it is simply unacceptable for companies to neglect their data protection duties, and compensation can be recovered if liability is proven. Contact us for free, no-obligation advice if you think you have a claim to make.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Matthew on April 05, 2021
Posted in the following categories: Cybersecurity Data Employee Data Breach Financial Data Breaches GDPR Hacking News ICO Latest Ransomware Scammers Security and tagged with cyber attack | cybersecurity | data breach | data controllers | data leak | database security | employee breaches | gdpr | online security | personal data | ransomware