Following publication on the Conti news site on 19 July 2021 by organised cyber criminals, and subsequent social media mention, listing the corporate victims they have allegedly targeted for financial gain through data theft via the Microsoft Hafnium hack, Keltbray was one of the named organisations. In light of this development, Keltbray would like to remind all its stakeholders of the previous issued guidance, which remains unchanged following this event.
Keltbray today confirms it detected a data protection incident on its information technology systems, which resulted in unauthorised access to data. There is no impact on Keltbray’s business operations.
Although this was a sophisticated operation by organised cyber criminals, seeking to exploit the well-publicised Microsoft breach, to encrypt data and hold Keltbray to ransom, the company has extensive protocols and procedures in place for such an event and had rehearsed for this risk.
Our cyber defences rapidly identified the security breach, and our immediate response and backup procedures prevented effective encryption of data.
Work is ongoing to determine the specific information that was targeted, however we do know there was limited, unauthorised access to some personal data.
As a precaution, all Keltbray employees are receiving identity protection assistance. Further, the Group is advising heightened vigilance and that all necessary precautionary measures be taken by all its stakeholders going forward.
This incident is being thoroughly investigated by the Group IT crisis response team, assisted by forensic cyber security consultants, who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate its potential impact.
This ongoing work will help us to understand any lessons that can learnt from this incident, but as a minimum, Keltbray’s IT cyber security environment has been further enhanced.
The company is in contact with its employees, customers, partners, the relevant regulatory and law enforcement authorities, and the data protection authorities pursuant to the GDPR (General Data Protection Regulation).
Keltbray takes its data protection obligations very seriously and will continue to uphold the highest standards of integrity and security relating to all information it holds.