Security specialists at CEL Solicitors, who’ve been hired to investigate the breach, say they believe the data exposed to the malicious actors includes people’s names, dates of birth, bank account numbers and sort codes, National Insurance numbers, passport scans, salary levels, and medical histories. Former and current employees, as well as customers, are affected by the breach.
At this point, it’s believed the whole thing was possible after an employee clicked a link included in a malicious email sent by the hackers and which most likely included a crafted payload facilitating the unauthorized access.
The worse thing, however, is that those potentially affected by the breach haven’t been notified after the incident occurred, so Sandicliffe customers are now strongly advised to check their financial statements and reach out to their banks if they notice anything unusual.
Of course, given that personal details have also been exposed, the Information Commission’s Office has already been alerted, but CEL Solicitors claims “it is believed that no further action will be taken.”
“In the case of Sandicliffe, it is concerning that there appears to have been a significant delay in notifying those who may have had their data breached, but it is essential that you notify your bank as soon as possible if you think you’ve been affected,” CEL Solicitors notes.
“With a total of 10 showrooms, this incident is likely to have affected hundreds, maybe even thousands of people – it’s therefore extremely important for the company, its staff and those customers who have been affected, to remain on alert for any unusual activity with their bank or with other personal information.”
At the point, the name of the hacking group that broke into the network is yet to be disclosed.