Home / News & Resources / News & Updates / Sensitive employee details stolen in Graham & Brown cyberattack

Sensitive employee details stolen in Graham & Brown cyberattack

  • Posted on

Cyber criminals claim to have obtained sensitive information about employees of decorating supplier company Graham & Brown in a cyberattack that happened in February this year.

In a letter to employees, a representative of Graham & Brown revealed that the company has received direct communication from those responsible for the cyberattack. The criminals claim they hold several files containing UK personnel records of Graham & Brown employees.

It is believed the compromised records contained personal data and sensitive information such as:

  • Names
  • Addresses
  • Contact details
  • National Insurance numbers
  • Bank account details
  • Medical information
  • Passport numbers
  • Driving licence copies

The company has warned those employees potentially impacted that they were at risk from the criminals contacting them, setting up accounts in their names or accessing their accounts.

Graham & Brown has stated that its security systems were immediately reviewed after the cyber attack through the assistance of a third-party security response team. Other matters, including reducing the risk of recurrence and increasing the protection of information, have apparently been addressed by the company.

Graham & Brown have also specified how it is approaching security in the future, including introducing network hardening and multifactor authentication on elevated security network accounts. The company has additionally appointed Crowdstrike, which is a 24/7 hour team that will monitor the network and provide a quick response where needed.

The company has confirmed that it is reporting the breach to the Information Commissioner’s Office (ICO), which is a legal requirement under UK data protection law.

What to do if you are concerned about the Graham & Brown data breach

If you are a victim of the Graham & Brown data breach, they have the legal responsibility to directly contact you to make you aware of the matter so the necessary steps can be taken to protect you.

If you are concerned that your details have been compromised in the breach but are yet to receive a letter from the company, please don’t hesitate to contact them for confirmation.

If your details have been compromised in the Graham & Brown cyberattack, it’s possible that any criminals who have access to your personal data may endeavour to obtain additional sensitive information from you. This could be through communications claiming to represent Graham & Brown or another company.

We recommend questioning all unanticipated communications received by Graham & Brown or any other organisation that reaches out via telephone, text or email. The safest approach is to not click on any untrustworthy links received and take measures to protect yourself following the cyberattack.

It’s crucial to be aware of the tactics used by cyber criminals and how you can protect yourself, whether you are a Graham & Brown data breach victim or not. To find out more, please read our guide on what to do if your data has been stolen in a data breach.

If you have suffered damages due to the Graham & Brown data breach, you could be owed compensation. Our team of data breach lawyers are available to provide advice and support on how you can make a claim to secure the compensation you rightfully deserve.

How Hayes Connor can help you claim compensation for the Graham & Brown data breach

When you allow an organisation to record and store your data, they have a legal obligation to protect your data under the GDPR legislation. GDPR is in place to ensure your personal data is protected from unauthorised third parties, such as cyber criminals. If you have had your sensitive details exposed due to an organisation failing to keep your data secure, you may have a claim whether you have suffered specific harm or not.

At Hayes Connor, we are proud to be one of the largest teams of data breach experts nationally, with a wealth of collective experience in all areas of data breaches. No matter the industry involved or the circumstances behind the breach, we have the right team on hand to provide specialist guidance and support.

During your initial consultation, our team will carefully listen to your personal situation, piecing together how the Graham & Brown data breach has impacted you. Once we are fully aware of what’s at stake, we can provide tailored advice about what can be achieved, including the likelihood of success and the value of compensation you could be entitled to. Our solicitors can then guide you through the data breach compensation claims process.

The team at Hayes Connor recognise the severity of a data breach and how it can seriously disrupt not only your life but that of your family, including mental wellbeing and finances.

You can find out more about our data breach expertise and how we handle claims similar to the Graham & Brown data breach here.

To start a data breach claim, you can use our online claim form.

To speak to a member of our team about the Graham & Brown data breach, please do not hesitate to give us a call on 0151 363 5895.