Graham and Brown targeted in ‘brutal’ cyberattack

THE personal details of hundreds of staff members at an East Lancashire company have been compromised in a sophisticated cyber attack.

Bank account details, passport information, names and addresses of people working for Graham & Brown are believed to have been accessed in a criminal attack that occurred earlier this year.

Founded in 1946, the company is the UK’s largest supplier of wallpaper and is based in Stanley Street, Blackburn.

The company employs hundreds of people across the country.

In a letter to employees, a Graham & Brown representative revealed that the company has received direct communication from those responsible for the cyberattack.

The criminals claim that they have several files containing UK employee records.

Lancashire Telegraph:

The company’s chief executive, Andrew Graham, said: “G&B Ltd was the victim of a sophisticated and malicious cyber and ransomware attack on February 23 and as a result all critical business systems were down and the company was unable to function properly for the next two weeks.

“G&B’s management team, IT team and their colleagues worked together with expert system recovery specialists over the next two weeks to save the company.

“No ransom was paid and it was an incredible team effort by all G&B colleagues, and it showed that the special culture of collaboration that exists in the company is a huge asset when it comes to critical business projects.

“At this time and since there was no evidence of data being exfiltrated from the system until cybercriminals contacted our US office late on April 25th and left us a message to visit their chat room. We did so the next business day, April 26, and the message shared a list of files (not the files themselves) that the cybercriminals claimed to have.

“We reported this to the police and the ICO and the next morning we called an extraordinary ‘meeting’ to communicate with our management team to explain what had happened.

“Then they shared this information cascading through the business to all colleagues and we met again at 3pm to review and answer questions.”

Mr. Graham said that at the time the company contacted all current and former staff members and created a dedicated email address to ensure no questions were missed, allowing it to reply promptly and efficiently to any query from staff members.

He added that all colleagues participate in monthly Mimecast cybersecurity training and this was already in place before the attack.

Mr. Graham continued: “The police know the criminals and have shared with us the site where they commonly post stolen data on the dark web.

“At this time there is no G&B data on this site. We are still being threatened by criminals that they can release this data if we don’t give them what they want.

“Since the attack, we paid for the leading 24/7 specialized IT security system, CrowdStrike, to protect our business, we changed all passwords on systems and the passwords of colleagues and recommended that all colleagues change personal passwords to ensure they are strong and unique.”

Everyone associated with the company has been advised to be “very vigilant” for phishing emails, texts and calls and to be extra vigilant for any suspicious activity on their accounts.

He added: “Our approach has been open, honest and helpful to all colleagues in keeping with our culture and to protect and rebuild our systems after they have been victims of sophisticated and brutal cybercrime.

“Our colleagues are honored that we were able to get business back up and running so quickly after such an attack and we are investing in more and better security and training to protect our colleagues and our companies in the future.

“If any CEO would like to engage with me to learn from us firsthand from this ordeal, I would be happy to share what we have learned.”

In the letter the head of human resources wrote: “In February, Graham & Brown suffered a very sophisticated cyberattack on our systems.

“I am sorry to have to tell you that there are some new developments regarding the cyberattack that could affect current employees and some former employees, including you.

“After many weeks of silence, the attackers have contacted us and provided us with a list of files that they claim to have a copy of. This list includes UK personnel records.”

The compromised records are believed to have contained personal and sensitive information such as names, addresses, contact details, national insurance numbers, bank account details, medical information, passport numbers and driver’s license details.

The letter continued: “We believe that your data, including some or all of the above, is part of the potentially stolen data.

“I know this is very disturbing news. In addition to informing you, we are reporting this to the Information Commissioner’s Office (ICO) as required by data protection law.”

An ICO spokesperson said: “Graham & Brown Ltd has made us aware of an incident and we are making inquiries.”

Lancashire Police confirmed they are investigating.
