British designer and manufacturer of PVC window, roof, and door products, said an unauthorized third party was able to gain access to its IT systems and copy sensitive employee data, such as bank accounts and date of birth.
Apparently, the cybersecurity incident happened at the end of July. Eurocell has over 2,000 employees in the UK. It’s unclear whether former employees might have been affected.
According to data protection law expert Hayes Connor, Eurocell sent out letters to employees saying their data was exposed in a data breach.
Employment terms and conditions, personal information (date of birth, next of kin, bank account and national insurance, tax-reference numbers), right to work documentation, health and wellbeing-related documents, learning and development records, and disciplinary and grievance-related documents were exposed.
"We detected the incident promptly and our core systems were restored quickly, with the business remaining operational throughout the period and trading normally from mid-August. We expect our cyber insurance will largely cover the financial impact of the disruption,” DerbyshireLive quoted Eurocell’s CEO Mark Kell as saying.
According to Hayes Connor, Eurocell has claimed there’s no evidence of the misuse of data. However, data law specialist is concerned the data could be exposed on the Dark Web.
The exposed data is of high value to criminals and could be used in, for example, phishing campaigns.
“You should be wary of receiving any unexpected communications, particularly if they appear to have come from someone claiming to represent Eurocell. These could be cleverly disguised phishing attacks that are designed to extract further information from you,” Hayes Connor warned.
More from Cybernews:
Subscribe to our newsletter