Sage data leaked by disgruntled employee

Sage is investigating a data breach that may have affected between 200 and 300 large UK companies.
On Monday, shares in the accounting software supplier fell after it was reported that a Sage employee’s login details were used to gain unauthorised access to customer information in recent weeks.
Sage contacted the police over the weekend, and told 200 Sage UK payroll services customers that their information may have been compromised.
The data breach was first reported by the Antisocial Engineer, which said that the customers were notified over the phone, and that Sage's forensic team was not initially aware of what data had gone missing.
The company disclosed in conversation with the security website that the breach had been conducted by an employee, and on Wednesday evening City Police tweeted that it had arrested a 32-year-old woman “in relation to the ongoing fraud investigation from the business software company Sage”.
A 32 y/o woman has been arrested in relation to the ongoing fraud investigation from the business firm Sage
— City Police (@CityPolice) August 17, 2016
In a statement to AccountingWEB, Sage said that it was investigating unauthorised access to customer information using an internal log-in. “We cannot comment further whilst we work with the authorities to investigate – our customers remain our first priority and we are speaking directly with those affected.”
Graham Cluley, an expert in computer security, said that disgruntled staff and rogue workers are a risk to any company. “But when your company's business involves handling the financial records of thousands of businesses up and down the country, the stakes are particularly high.”
Technology can help to reduce opportunities for a rogue member of staff to wreak havoc or steal data, but management also needs to be trained in spotting the warning signs and putting procedures in place, Cluley said.
“An obvious one would be to only give staff access to the parts of the network that they need to have access to”, he continued. “Furthermore, have unique passwords, and change them immediately when a member of staff is leaving the company.”
Replies (3)
Surely it's common sense to remove access to the system as soon as an employee leaves?
I saw the headline on Sunday & read further (having several clients on Sage, I wanted more details to be ready for any questions). The article mentioned that 'employee details' were accessed. I immediately knew that this then was surely a payroll matter - and not a Sage 50 accounts matter. However that was not mentioned in the press reports. Most people would automatically assume it was accounts & be horrified that this could happen to their financial data. Had the clarification been made clear, I suspect many Sage end users would have been assured it did not affect them, instead of potentially causing unnecessary worry & many accountants & Sage themselves may have avoided many phone calls this week. The media really should be more accurate in their reporting. But it's all about sensationalism, isn't it?
It's probably more to do with the media not knowing that there are different versions of Sage. Though I agree that Sage could have made more effort to make sure that the media were made aware.