Sage Group, a provider of accounting, payroll and payments software for businesses, said an internal login had been used to gain unauthorised access to the data of some of its British customers. The personal details of the employees of about 280 British companies were potentially exposed in the breach, a company source said. It was working to ascertain whether any data had been stolen, the source added.
"We are investigating unauthorised access to customer information using an internal login," the company said in a statement.
"We cannot comment further whilst we work with the authorities to investigate but our customers remain our first priority and we are speaking directly with those affected," it added.
"We cannot comment further whilst we work with the authorities to investigate but our customers remain our first priority and we are speaking directly with those affected," it added.
The company has informed the Information Commissioner's Office and the City of London Police.
Sage did not reveal any further information about the breach, whether or how the data was obtained, how many people might be affected, the information that may have been compromised or even the services that were cracked.
The statement also raises questions about the security and monitoring of the company's authentication mechanisms. Sage did not say whether the breach was performed by a current or former employee, or whether the log-in credentials were compromised in some way.
Sage did not reveal any further information about the breach, whether or how the data was obtained, how many people might be affected, the information that may have been compromised or even the services that were cracked.
The statement also raises questions about the security and monitoring of the company's authentication mechanisms. Sage did not say whether the breach was performed by a current or former employee, or whether the log-in credentials were compromised in some way.
Credit: V3 |
Sage has around six million SMB customers around the world, and the unauthorised access of 280 customer accounts therefore represents only a small proportion of its total customer base. The company claimed that only UK-based customers were affected.
"It appears that the Sage breach came from an insider. Insider threats are almost always preventable if the right people-management processes and tools are in place," he said.
"This is the case even if the employee is a so-called reluctant insider, meaning that, for example, an external party has compromised their account.
"Sage also claims that it's currently unsure how the data was compromised. Again, with the proper investments in IT security this should be easily controllable and identifiable in a very short period of time."
The admission of a security breach at Sage comes after a week of revelations from retail systems vendors that appear to have been targeted by a gang of Russian hackers.
If you dont want to miss any of our latest update you can subscribe here with your email address or you can follow us on facebook to get the latest updates about tech and more.
Share This...
Share This...
No comments:
Post a Comment