Flagship Group,  the housing association that owns some 31,000 homes in the East of England and employs 1,200 people, has suffered a data breach incident.

In a statement Flagship said

“Despite our quick action, there has been some data encryption and some personal customer and staff data has been compromised.

We do not yet have a complete picture of all the data that has been encrypted.”

The company also said it had “a high level of security measures” in place to protect its facilities, repairs, maintenance and heating departments.

Flagship has tenants in Norfolk, Suffolk, Cambridge and Essex and also builds and sells houses to private owners. In 2017-18, it had an annual turnover of £133.7m.

Flagship revealed that the data breach incident occurred on 1 November 2020 and resulted in most of their systems going offline and leaving very limited services.

It has been reported that the cyber attack was caused by ransomware known as “Sodinokibi” and was the result of a phishing attack.  Cyber-attacks of this nature usually start from a phishing email, which will download software or use an exploit in existing computer programmes to begin the attack.

Flagship immediately launched an investigation, which is ongoing.

Despite acting immediately, Flagship has confirmed that personal data belonging to some customers and staff has been compromised.  As the investigations are ongoing, Flagship cannot yet provide further details at this stage.

Flagship’s Chief Executive said

“we take the privacy and security of our customers and staff data very seriously, and we’re very sorry that it has been compromised.

Over the last few days, the incident has caused considerable disruption to staff and customer services, and we are concentrating on emergency situations, to ensure our customers are safe.

Our teams are working tirelessly around the clock to bring our systems back online, and we apologise for any inconvenience this may have caused.

Flagship is asking customers to let their banks know so accounts can be monitored.”

Flagship’s full statement can be found here.

Flagship has sought advice from the National Cyber Security Centre and National Crime Agency.  The incident has also been reported to the police and the Information Commissioner’s Office.

If you have concerns regarding your personal data, get in touch with our team for advice.