In the same week as posting a new trading update, Safestyle UK has been hit by a major cyber attack. According to reports the attack is suspected to originate from Russia.

It has left the company with a number of difficulties with a growing number of customers becoming frustrated and venting on social media about the lack of communication.

“Cyber incident” statement

Safestyle UK released a statement yesterday:

Safestyle, the leading retailer and manufacturer of PVCu replacement windows and doors to the UK homeowner market, reports that it has recently been the subject of a cyber incident in its business.

On becoming aware of the incident, the Group immediately engaged external specialists and has taken precautionary measures with its IT infrastructure, including taking its systems offline whilst it continues to investigate the nature and extent of the incident and implement its systems recovery plan. 

The Group remains operational, continuing to sell, survey, manufacture, install and service its customers although some of our contact centre response times are longer than usual.  All of the Group’s payment processes, including receiving payments from customers which are transacted through third parties, as well as making payments to its staff and suppliers, have continued as normal.

The Group is working with the police and relevant regulatory authorities and will provide further updates as and when appropriate.

Countries in the west, including the UK, have been warned that in response to the growing threat of war in Ukraine, hostile nations like Russia could employ a scatter-gun cyberattack approach on other countries, which could affect companies and businesses. Whether this is indeed hostile activity by Russia remains to be seen. An investigation may be able to pinpoint the origins of the attack.

You can find the original statement on the Safestyle UK Plc website: https://otp.investis.com/clients/uk/safestyle/rns/regulatory-story.aspx?newsid=1547097&cid=656

Breach?

Although interaction with the press has been discouraged, there have been reports that emails and other personal data may have been breached, although nothing is confirmed at this stage as investigations are ongoing.

Reports also say that staff have had no access to emails or phones for three or four days. The company in their own statement also confirmed that they have taken their IT systems down in order to begin recovery plans. They say that the company is still able to sell, survey, manufacture etc, but with critical IT infrastructure shut down or paralysed, this is going to make communication internally and externally to clients much more difficult, which is then also likely to have a wider impact on the daily functions of the business in all departments. Perhaps more than the official statement indicates.

There can be fines measuring in the millions for data breaches of this size. Upwards of £17m. However, leniency is given when the breach is caused by a hacker, rather than an error on the part of the company.

More statements are likely from Safestyle UK in the coming days. The business now faces a tough period after a positive trading update to get the company back up and running in a secure way.

Updates to this story will follow on DGB. 

To get weekly updates from DGB sent to your inbox, enter your email address in the space below to subscribe:

By subscribing you agree to DGB sending you weekly email updates with all published content on this website, as well as any major updates to the services being run on DGB. Your data is never passed on to third parties or used by external advertising companies. Your data is protected and stored on secure servers run by Fivenines UK Ltd.