Swift action

Published: 20 June 2024

A device belonging to a construction company was compromised, which resulted in hackers gaining access to the company’s email mailbox.

Background
A device belonging to a construction company was compromised, which resulted in hackers gaining access to the company’s email mailbox. 

When it became aware of the breach, the company immediately contacted all affected customers to inform them that they may be at risk of receiving phishing emails. Following the incident, the company added two factor authentication (e.g. requiring staff members to use a second, trusted,device to complete a secure sign-in) to all its devices.

Learning points
  • Acting quickly when you become aware of a breach can make all the difference to the people whose information has been exposed. In this case, the ODPA was encouraged to see the company taking swift and proactive action to protect its customers and contacts from potential financial fraud. This demonstrates the company taking accountability for its data.
  • With cybercrime on the increase, it is important to remember that staying one step ahead of criminals requires a dynamic (rather than static) approach to data protection and cyber security. It is not enough to adhere to best practice and then sit back thinking your work is done. Threats should be monitored regularly and responses taken accordingly to mitigate risk.