THE personal details of hundreds of staff members at an East Lancashire company have been compromised in a sophisticated cyber-attack.
Bank account details, passport information, names and addresses of those working for Graham & Brown are thought to have been accessed in an attack by criminals which happened earlier this year.
Founded in 1946, the company is the UK’s largest wallpaper supplier and is based in Stanley Street, Blackburn.
The company employs hundreds of people around the country.
In a letter to employees, a representative of Graham & Brown revealed the company has received direct communication from those responsible for the cyberattack.
The criminals claim they hold several files containing UK personnel records of employees.
The company’s chief executive, Andrew Graham, said: “G&B Ltd was the victim of a malicious and sophisticated cyber and ransomware attack on February 23 and as a result all critical business systems were knocked out and the business could not function properly for the next two weeks.
“The G&B management team, IT team and colleagues worked alongside specialist system recovery experts over the next two weeks to save the company.
“No ransom was paid and it was an incredible team effort by all colleagues at G&B, and proved that the special collaborative culture that exists at the company is a huge advantage when dealing with critical business projects.
“At this time and since there was no proof of data being taken out of the system until the cyber criminals contacted our US office late on April 25, and left a message for us to visit their chat room. We did the following business day, April 26, and the message shared a list of files (not the actual files themselves) that the cyber criminals claimed to have.
“We reported this to the police and the ICO and the next morning called an extraordinary ‘huddle’ to communicate with our management team to explain what had happened.
“They then shared this information by cascading it across the business to all colleagues and we met again at 3pm to review and answer questions.”
Mr Graham said at this point the company contacted all current and past staff members and created a specific e-mail address to ensure they did not miss any questions, enabling them to respond efficiently to any queries asked by members of staff.
He added all colleagues participate in monthly cyber security training from Mimecast and this was in place before the attack.
Mr Graham continued: “The police know of the criminals and have shared with us the site that they commonly publish the stolen data on the dark web.
“At present time no data from G&B is on this site. We are still being threatened by the criminals that they may issue this data if we do not give them what they want.
“We have since the attack paid for the leading 24/7, IT specialist security system – CrowdStrike to protect our business, changed all systems passwords and colleagues’ passwords and advised all colleagues to change personal passwords ensuring they are strong and unique.”
Everyone associated with the company has been advised to be ‘extra vigilant’ about phishing e-mails, texts and calls, and about any suspicious activity around their accounts.
He added: “Our approach has been open, honest and helpful to all colleagues in line with our culture and to protect and re-build our systems having been the victim of a sophisticated and brutal cybercrime.
“It is a credit to our colleagues that we have been able to get the business back up and running so quickly after such an attack and we are investing in more and the best security and training to protect our colleagues and our companies in the future.
“If any CEO wanted to engage with me to learn from us first hand from this dreadful experience then I would happily share what we have learnt.”
In the letter the head of human resources wrote: “In February, Graham & Brown suffered a very sophisticated cyber-attack on our systems.
“I am sorry to have to tell you that there are some new developments in relation to the cyber-attack that could affect current and some former employees, including yourself.
“After many weeks of silence, we have been contacted by the attackers and they have provided a list of files of which they claim to have a copy. This list includes UK Personnel Records.”
It is believed the compromised records contained personal data and sensitive information such as names, addresses, contact details, national insurance numbers, bank account details, medical information, passport numbers and driving licence details.
The letter continued: “We believe your data, including some or all of the above, is part of the potentially stolen data.
“I know that this is very unsettling news. As well as making you aware, we are reporting this to the Information Commissioner’s Office (ICO) as required under data protection law.”
An ICO spokesperson said: “Graham & Brown Ltd has made us aware of an incident and we are making enquiries.”
Lancashire Police confirmed that they are investigating.