The ransomware group LockBit has claimed they have obtained 1.4 terabytes of data from Kingfisher Insurance and one of its brands First Insurance. The group says that the stolen data includes personal information belonging to employees and customers. The UK insurer acknowledged it had suffered a breach to its IT systems but played down the amount of information that was stolen. A spokesperson for the company said, "Kingfisher UK Holdings Limited and certain Kingfisher Group subsidiary companies (Kingfisher) are aware that, for a limited period of time, part of their IT systems was accessed by an unauthorised third party."
UPDATE: 201022 - A person acting on behalf of Kingfisher insurance contacted Freevacy yesterday to provide further clarification on the background and to provide a statement:
On background:
- "Kingfisher has concluded that there is no ongoing impact on its business operations."
- "It is impossible for the criminal group behind this incident to have taken 1.4tb of data from the servers they indicated, as they have claimed. This is wholly inaccurate and would be irresponsible to publish."
A spokesperson from Kingfisher UK Holdings Limited said:
“Kingfisher UK Holdings Limited and certain Kingfisher Group subsidiary companies (Kingfisher) are aware that, for a limited period of time, part of their IT systems was accessed by an unauthorised third party. Our IT team took immediate steps to contain the incident by blocking all external access and taking the applicable servers offline. That response, together with our comprehensive backup systems, meant we limited any impact on our systems, operations and the data we hold. We are working with third-party IT security specialists to fully understand what happened. Their investigations to date confirm that a very limited number of non-sensitive files were copied during the incident. Kingfisher has notified the relevant authorities and is taking steps to contact the limited number of third parties involved. Kingfisher had several robust security measures in place at the time of the incident which is how we were able to mitigate any general impact.”
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.
