Interserve hit with £4.4m fine after cyber attack

Grant Prior 2 years ago
Share

Interserve Group Ltd has been fined £4.4m by the Information Commissioner’s Office (ICO) for failing to keep personal information of its staff secure.

The fine follows a breach of data protection law in May 2020 when the company failed to put appropriate security measures in place to prevent the cyber attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.

The compromised data included personal information such as contact details, national insurance numbers, and bank account details.

The ICO said: “An Interserve employee forwarded a phishing email, which was not quarantined or blocked by the company’s system, to another employee who opened it and downloaded its content.

“This resulted in the installation of malware onto the employee’s workstation.

“The company’s anti-virus software quarantined the malware and sent an alert, but Interserve failed to thoroughly investigate the suspicious activity. If they had done so, Interserve would have found that the attacker still had access to the company’s systems.

“The attacker subsequently compromised 283 systems and 16 accounts, as well as uninstalling the company’s anti-virus solution. Personal data of up to 113,000 current and former employees was encrypted and rendered unavailable.

“The ICO investigation found that Interserve failed to follow-up on the original alert of a suspicious activity, used outdated software systems and protocols, and had a lack of adequate staff training and insufficient risk assessments, which ultimately left them vulnerable to a cyber attack.”

The ICO issued Interserve with a ‘notice of intent’ – a legal document that precedes a potential fine. The provisional fine amount was set at £4.4m. Having carefully considered representations from Interserve, no reductions were made to the final fine amount.

Interserve plc went into a pre-pack administration in March 2019 and was rebranded as Interserve Group. A break-up followed with Interserve’s facilities management business sold to Mitie in December 2020 and RMD Kwikform sold in October 2021 to Altrad.

In March 2021 Interserve rebranded its construction and engineering business as Tilbury Douglas.

An Interserve statement said: ‘”Interserve has worked extensively with the Information Commissioner’s Office (ICO) and the National Cyber Security Centre since first reporting the cyber incident in May 2020.

“Interserve strongly disputes that its staff and the company’s response were in any way complacent.

“Interserve took extensive steps to resolve the incident, engaging leading cyber response companies, and made significant investments across its operating companies to mitigate the potential impacts of the cyber incident on its past and present staff.

“It also sought to reduce the risk of future incidents and successfully facilitate the safe and effective ongoing operations of Tilbury Douglas and the facilities management business acquired by Mitie Group PLC.

“Interserve will continue to prioritise the interests of its past and present staff, counterparties and other stakeholders while engaging with the ICO to resolve their investigations”

Latest news

Wates wins fit-out for Manchester First Street Hub

Smartspace arm secures another Government hub deal
20 hours ago

Big trade names dropped in M Group rebrand

Acquisitive group formed from Morrison Utility services in 2016
18 hours ago

Breyer Group files administration notice

Staff hope rival firm could buy assets and save jobs
23 hours ago

Peel Ports reveals winners for £750m framework

18 firms win places on deal: Full list
21 hours ago

Former Severfield director takes helm at Embrace Steel

New CEO Martin Kelly aims to step up expansion of steelwork contractor
23 hours ago

£302m upgrade funding awarded to FE colleges – list

Cash shared out between England’s 179 college groups
23 hours ago

FK Facades thrives but construction arm hit by ISG row

Dispute with failed contractor costs specialist £5.5m
24 hours ago

Galliford Try gets go-ahead for Milton Keynes PRS tower

33-storey tower needs gateway 2 approval before work can start
2 days ago

Small house builders get £150m funding for green homes

Developers will have to meet-up to ten new criteria to benefit from interest rate discounts
23 hours ago

Lendlease Construction renamed Bovis

US private equity firm completes £35m purchase of UK contracting business and rebrands
2 days ago

Breyer Group battles for survival as rivals circle

Housing maintenance firm fights three winding up petitions in a month
2 days ago

Careys facing £2.4m claim by developer over demolition cartel

Giant Hong Kong developer claims it was overcharged on Lots Road Power Station job
2 days ago

Multiplex profit drops a third as revenue rises to £780m

Spate of new orders sets contractor up for three years of work
2 days ago

Galliford Try and Breheny land latest Sizewell C road deals

More infrastructure deals for new nuclear power station
3 days ago

Worker trapped in collapsed septic tank pit

Contractor and director fined after worker suffers multiple fractures
2 days ago

Homes England buys stalled Broad Marsh site

Demolition to finally be completed as developer hunt begins
2 days ago

Vistry go-ahead for 353 homes at Rochester Riverside

Work to start on next phase of Kent town regeneration at end of this year
3 days ago

M&E firm J S Wright collapsed owing £19m

Trade creditors hit for £11.4m by employee-owned Midlands firm
3 days ago

Right to work checks to be extended to self-employed

Government plans crackdown on illegal working and rogue employers
3 days ago

Midlands developer turns to London with £1bn resi schemes trio

SevenCapital plans 1,000 flats in Kensington, Islington and the Isle of Dogs projects
3 days ago

Deck falls off huge scissor lift at Winvic site

Two men seriously injured as platform plunges to the ground
6 days ago

Weston targets Build to Rent with new division

Weston Partnerships signs first deals with asset managers and councils
3 days ago

Bouygues seals deal for £119m Cardiff college campus

Construction to start in June on two new buildings
6 days ago

£140m cash injection to speed-up flood defence schemes

Funding part of £2.65bn investment over the next two years
3 days ago

Bid race starts for £15bn schools framework refresh

DfE throws framework open to more contractors
6 days ago

Berkeley’s £600m Borough Triangle project approved

Controversial scheme features two towers of 38 and 44-storeys
7 days ago

London Mayor calls in blocked 600-bed student scheme

Refused 20-storey London PBSA block may still be built
6 days ago

HG to build 500-bed London Stratford student scheme

Work will start later this year subject to gateway 2 safety approval
7 days ago

Arrest after pedestrian death on construction site

Tragedy during site preparation works for new Wigan car park
6 days ago

British Steel threatens closure of Scunthorpe blast furnaces

Chinese owners say sectional steel and rail supplies will be maintained
7 days ago

Contractor services