The company said personal data on employees at hundreds of UK customer businesses was accessed
British software firm Sage has confirmed it is investigating a case of “unauthorised access” to data that it said occurred at some point in the past few weeks.
Sage, which makes business software including accounting and payroll programs used by customers in 23 countries, said police are investigating the breach and the data protection regulator, the Information Commissioner’s Office (ICO), has been informed.
The incident involved personal information relating to employees at 280 UK businesses that are customers of Sage, such as employee bank account details and salary information, and the data may have been either stolen or merely viewed, according to a number of media reports citing unnamed people with knowledge of the investigation.
The data was accessed by someone using an “internal” login, according to Sage.
The company said it has notified the businesses affected and has advised them to watch for any unusual activity.
“We are investigating unauthorised access to customer information using an internal login,” Sage said in a statement. “We cannot comment further whilst we work with the authorities to investigate – but our customers remain our first priority and we are speaking directly with those affected.”
Computer security experts said data breaches caused by internal actors are a growing problem due to the increasing amounts of sensitive data companies handle.
As a result they advised organisations to put into place user-centric identity and access management programmes.
A recent IDC study found that only 12 percent of the businesses surveyed were highly concerned about threats posed by malicious insiders, with only 27 percent concerned about poor end-user security practices.
Are you a security pro? Try our quiz!