History
2022: $5 million fine for a data breach affecting 113 thousand employees
At the end of October 2022, the British construction company Interserve was fined $5 million by the data protection regulator after a group of hackers gained access to the confidential data of 113 thousand employees.
Interserve failed to take appropriate IT security measures to prevent a cyber attack, which began with a phishing email, the Information Commissioner's Office (ICO) said on October 24, 2022. It all started in May 2020, when one of Interserve's employees forwarded a phishing email to a colleague, who then downloaded it and accidentally installed malware on a company workstation. After that, the cybercriminal compromised 283 systems and 16 accounts, deleted the company's antivirus solution and encrypted the personal data of 113 thousand employees.
The company is accused of failing to adequately protect its employees' data. The phishing email was neither blocked nor quarantined in the company's system, and even when the malware was detected by an antivirus solution, Interserve did not investigate further.
According to the ICO, hackers gained access to employee contact details, social security numbers, bank account data and other personal information. In addition, the British regulator found that Interserve violated data protection law because it did not properly train its employees, did not provide technical means of protection, and used outdated software systems and protocols.
This is the second fine that the regulator issued in 2022 for an organization's failure to fulfill its data protection duties in connection with a ransomware attack, after a law firm was fined $114 thousand when hackers gained access to 24 thousand court packages containing medical files and witness testimony.[1]