Personal data belonging to staff and residents has been compromised after a cyber attack wreaked havoc on social landlord Flagship Group.
The 32,000-home housing association, based in East Anglia, confirmed that the “major IT incident” on Sunday 1 November was caused by hackers.
The attack took most Flagship systems offline and skewered many of its services.
In a statement published to its website yesterday afternoon, Flagship said that despite “quick action” to take all its systems offline and “successful” attempts to stop the spread of the attack, some personal customer and staff data has been compromised.
“However, we are yet to have a complete picture of all the data that has been encrypted,” it added.
Residents and employees have been asked to “be cautious” when dealing with calls and emails, while Flagship has implemented extra security measures, with an investigation ongoing.
The landlord said it has reported the crime to the police and notified the Information Commissioner’s Office, Action Fraud, and the Regulator of Social Housing.
It also said it was seeking advice from both the National Cyber Security Centre and the National Crime Agency.
Flagship’s website was still out of operation on Thursday (5 Nov) morning.
David McQuade, chief executive of Flagship, said: “We take the privacy and security of our customer and staff data very seriously, and we’re very sorry that it has been compromised.
“Over the past few days, the incident has caused considerable disruption to staff and customer services, and we are concentrating on emergency situations to ensure our customers are safe.
“Our teams are working tirelessly around the clock to bring our systems back online, and we apologise for any inconvenience this may have caused.”
The cyber attack was caused by a ransomware known as Sodinokibi, which, at the start of the year, had demanded £4.6m from foreign exchange company Travelex following a hack on New Year’s Eve.
The attack on Flagship is the latest in a series of assaults on the social housing sector.
In October, the Chartered Institute of Housing was affected, while Red Kite Community Housing was defrauded out of nearly £1m after falling victim to a cyber scam in 2019.
Are you a social housing professional? Sign up for a FREE MEMBERSHIP to upload news stories, post job vacancies, and connect with colleagues on our secure social feed.