Residents across the north-east have been warned their personal data may have been compromised, after a property management firm fell victim to a cyber attack.
Those living on estates managed by The Property Management Company (PMC) in Aberdeen and Aberdeenshire were sent a letter yesterday, outlining a possible data breach after a member of staff fell victim to a sophisticated phishing attack.
While, thus far, there is no evidence to show whether any data has been taken, residents have been advised to review log-in details and passwords used in conjunction with bank accounts, e-mail accounts and other online sites.
PMC managing director, Richard Burnett, said that the incident revolved around a single e-mail account belonging to a staff member.
However, that person also has access to a shared mailbox, and it is possible that this may also have been accessed as a result of the breach.
The Oldmeldrum-based company became aware of the attack when a series of e-mails were sent from the compromised staff member’s account, both to internal and external recipients.
The e-mails were very similar in appearance to the offending mail the staff member had previously received.
Immediate steps were taken to prevent further access to the staff member’s computer, which was initially thought to have fallen victim to a virus.
However, further investigation revealed that the cloud-hosted e-mail account had in fact been accessed and used by an unauthorised third party.
PMC changed the password for the compromised account, which has stopped ongoing access to it.
The firm’s external IT support provider has monitored the account since the breach was detected on July 5, and confirmed that no further unauthorised login attempts had been made to the account.
After realising that a data breach had occurred, PMC notified the Information Commissioners Office, who are responsible for data protection regulation in the UK, and assisting PMC with the incident.
The company said it will be providing additional IT security training to all staff, with a particular focus on identifying fraudulent e-mails.
In a letter to customers, Mr Burnett apologised for the incident, and added: “We are doing all we can to remedy this situation and ensure this does not occur in the future.”
