Perfect Placement, a leading recruitment specialist for the UK Automotive Industry, have been the victim of a ransomware attack carried out by a cybercriminal organisation, they announced earlier this week.

In an email to everyone on their database, Perfect Placement openly admitted the attack may have included the personal data of its client base, and named LockBit as the perpetrator.

LockBit are a threat group responsible for a significant proportion of cyber security attacks worldwide and who recently targeted various UK firms, including Royal Mail International.

In their email they wrote:

"The cybercriminal organisation has contacted us with a ransom demand in return for the release of the stolen data. As a matter of policy, and having taken advice from the police and cybersecurity experts, we will not be held to ransom and will not negotiate with a criminal organisation. We consider that paying such demand will only serve to fund criminal activity and continues to enable such organisations to perpetuate their attacks.

Whilst we appreciate that this may cause concern, please rest assured that we are taking this incident extremely seriously. You do not need to do anything at this stage.

This communication is to explain the details of what has happened (to the extent that we are aware) and the steps that we have taken, and are continuing to take, to protect your personal data and mitigate the risk as much as possible."

The company went on to explain that the data breach was discovered on the morning of March 13, 2023, and was likely to have taken place within 24 hours of discovery.

The cyber security incident involved an attack on their server, which contains certain data relating to clients, suppliers, current and former employees and applicants.

However, much of the personal data held by the company is stored on cloud-based applications and was therefore unaffected by the incident.

The email continued:

“We are still investigating the exact cause of the data breach, with the help of third party cyber security experts, and will ensure to address any outcome of such investigation with the upmost seriousness and urgency.”

Whilst they continue with a detailed investigation, they reported that they are yet to fully understand the nature and extent of the personal data breach. As such, they could not confirm what personal data is involved.

However, it is expected that the personal data involved may include some or all of the following for certain individuals: name, address, email address, job offers or rejections, job title and details of placement, salary information.

They stressed that in most cases, given the nature of their business, they do not store ID information, bank details, payment information, credit card information or any special categories of personal data (as defined under data protection law), so these would not have been affected by the incident.

The hugely transparent email explained how they are taking this incident extremely seriously, and how they have taken a number of steps to protect personal data and to mitigate the risk, including the following:

• They are undertaking a detailed investigation into the incident, including instructing IT providers, cybersecurity experts and external lawyers to understand the nature and extent of the personal data involved.
• They have informed the Information Commissioner’s Office (ICO) of the data breach and are working closely with them to ensure compliance with data protection law.
• They have informed the relevant cybersecurity teams of the regional police force and Action Fraud.
• They are updating their policies and procedures to ensure the protection of the personal data currently held by them and implementing training where appropriate.
• They are carrying out a wider review of their IT systems to address any potential vulnerabilities.
• They are notifying their database now so that they are aware of this incident and can remain extra vigilant

They went on to say that people affected by this should remain extra vigilant and report any unusual or suspicious activity, recommending people be on the look-out for phishing attacks or other types of email fraud.

Finally, the company referred recipients to advice on the National Cyber Security Office (NCSC) website.

This case study highlights the fact that any company - regardless of size or stature - can be targeted by cyber-criminals.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).