You are viewing 1 of your 1 free articles
Staff and residents’ personal data has been compromised in a cyber attack at a 32,000-home housing association based in East Anglia.
Flagship Group has confirmed that a “major IT incident” on Sunday, which took most of its systems offline and blighted services, was caused by hackers.
In a statement published to its website yesterday afternoon, Flagship said that despite “quick action” to take all its systems offline and “successful” attempts to stop the spread of the attack, “some personal customer and staff data has been compromised”.
“However, we are yet to have a complete picture of all the data that has been encrypted,” it added.
The cyber attack was caused by a ransomware known as Sodinokibi – the same outfit which demanded £4.6m from foreign exchange company Travelex following a hack on New Year’s Eve.
Residents and employees are being asked to “be cautious” when dealing with calls and emails, while Flagship has implemented extra security measures with an investigation ongoing.
In an FAQs document published this afternoon (attached below), Flagship issued advice for people to inform their banks of the attack and monitor their accounts.
The landlord said it has reported a crime to the police and notified the Information Commissioner’s Office, Action Fraud and the Regulator of Social Housing, as well as seeking advice from the National Cyber Security Centre and the National Crime Agency.
Flagship’s website was still down on Thursday morning.
David McQuade, chief executive of Flagship, said: “We take the privacy and security of our customer and staff data very seriously, and we’re very sorry that it has been compromised.
“Over the past few days, the incident has caused considerable disruption to staff and customer services, and we are concentrating on emergency situations to ensure our customers are safe.
“Our teams are working tirelessly around the clock to bring our systems back online, and we apologise for any inconvenience this may have caused.”
The cyber attack on Flagship is the latest in a series against the social housing sector.
In October, the Chartered Institute of Housing was affected, while Red Kite Community Housing was defrauded out of nearly £1m after falling victim to a cyber scam last year.
Earlier this year, the Scottish Housing Regulator warned landlords about the threat of coronavirus-themed cyber attacks after one housing association was hit by a ransomware attack and others were targeted with phishing email campaigns.
Update: at 12.56pm, 05/11/20 information about FAQs released by Flagship was added to the story.
Already have an account? Click here to manage your newsletters