Sage admits data breach, 300 customers possibly impacted

Aug 16, 2016 01:55 GMT

UK-based software giant Sage blamed a recent data breach that came to light over the weekend on an attacker using an internal login to access the details of around 300 customer enterprises.

It is not clear yet if a rogue employee accessed the data with malicious intent, or an attacker compromised the employee's credentials and used them to steal data from the company's servers.

Sage didn't handle the breach the correct way, says expert

According to Richard De Vere, a social engineering expert at the security firm The Social Engineer, Sage detected the breach last week and started notifying customers on Thursday, August 11.

Two days later, De Vere made the breach public on his blog, criticizing some of Sage's techniques in handling the incident.

The security expert pointed out that the company should have sent emails to customers, instead of calling them.

The reason to use emails is that all clients are notified at the same time and can take defensive measures right away. Additionally, an email is stored on a server and can be referenced and consulted later for additional information, something a person taking a call could not do unless they had written down all the details.

Sage confirms use of internal login during data breach

In a phone conversation following his blog post, a Sage spokesperson confirmed to De Vere that the incident had occurred because of an insider breach.

The Sage spokesperson also told De Vere that the forensics team had not yet established what exactly the attacker had accessed and how many clients had been affected.

The next day, on Sunday, August 14, Sage put out an official statement regarding the incident:

  We believe there has been some unauthorised access using an internal login to the data of a small number of our UK customers so we are working closely with the authorities to investigate the situation. Our customers are always our first priority so we are communicating directly with those who may be affected and giving guidance on measures they can take to protect their security. If you have any concerns at all, you can reach us on the following contact details: The dedicated helpline number is 0845 145 3345 – please leave a message with your details and we will get back to you as soon as we can. You can also get in touch with us by emailing us at [email protected].

Sage, which makes accountancy software, holds information about many UK companies and their staff.

Personal data may have been exposed

The data usually stored in its software includes details such as addresses, national insurance numbers, names, dates of birth, bank account details, and salary information.

The company says it contacted UK authorities, who are now helping it investigate the breach and track down the source of the unauthorized access.

In the meantime, until Sage releases a list of affected customers, De Vere recommends that companies using Sage's software warn their employees about a possible increase in phishing emails, vishing calls, and smishing SMS messages that may include their personal details in an attempt to extract login credentials or other information.