SAGE DATA BREACH
Sage, a company not the herb, is one of the UK’s largest technology companies and provides payroll and accounting software and services. It released a statement in August 2015 that some 280 companies, their employees and all of their data including salaries, had been breached using an internal login. They said in a statement:
“We are investigating unauthorised access to customer information using an internal login. We cannot comment further whilst we work with the authorities to investigate but our customers remain our first priority and we are speaking directly with those affected.”
Sage, has claimed it has well over 6 million SMEs using it worldwide across 23 countries, however it seems that this data breach has only affected those within the UK. Since the breach, Sage immediately contacted the ICO and the City of London police to further use their powers to investigate this matter.
A FEW DAYS AFTER THE SAGE DATA LEAK
A few days after Sage released their statement about a data breach, a 32 year old woman, under the employ of the company was arrested at Heathrow for Conspiracy to Defraud The Company. She has since been released on bail. This has brought forward the question of people’s passwords being changed after they leave and how much remote access they should have. Additionally, some have said that companies need to be far more proactive, spend more on security infrastructure and attempt to be notified before hacks even start.
If we were to guess, as gutted as Sage must be feeling, some part of me thinks they’re going to be relieved that this cyber attack came from within the company and not from outsiders. The Sage hack has come after a long summer of cyber attacks and is being contrasted by many to the hack that happened to Talk Talk in October of 2015, where over 100,000 customer details were leaked. This led to a massive apology by the CEO of Talk Talk and a cringeworthy appearance below on Newsnight: