01524 727970

[email protected]

UPDATE – NWIFCA Cyber Attack

Further to the News post on 20th November regarding the cyber attack we experienced, the following update is provided.

Following the phishing email that was sent to some NWIFCA contacts from one of our employee’s accounts, we confirmed that the employee’s account had been compromised and immediately removed the attackers’ access. Our IT support provider and independent Data Protection Officer (DPO) were notified straight away. We also located the file that was linked to in the phishing email, and it was deleted.

At this stage, the evidence indicates that the only personal data involved in the incident were email addresses used to distribute the link to the file. The likely purpose of this was to obtain further information from recipients. As a precaution, if any recipients of the phishing email clicked on the link, we recommend that they:

  • Reset the password used to log into their computer (e.g. their Microsoft Windows account or equivalent), and
  • Run an appropriate antivirus / malware scan on the device used to access the email.

Affected recipients may also wish to contact their own IT support provider for any additional advice.

We have found no evidence that any other personal data we hold were compromised, or that any of our databases were accessed. The requirement to notify the Information Commissioner’s Office was carefully considered; our DPO advised that notification was not necessary based on the nature of the attack and the evidence gathered, and this conclusion remains unchanged. We did, however, notify the National Cyber Security Centre, which provided guidance on immediate mitigation and additional security measures, all of which have been implemented.

To reduce the risk of a similar incident occurring in the future, we have introduced additional security measures on our databases and IT systems, including implementing two-factor authentication on systems where it was not already in place. We have also reset all passwords for all relevant accounts held by the affected employee. In addition, we will be reviewing cyber security training for all staff to identify what further training may be required beyond what is already provided.