GRS was the target of a sophisticated cyber-incident in March 2022. We discovered that some data relating to current and former employees was copied from our systems during the incident and then leaked online.
We immediately took steps to address the issue, including working with third-party IT cybersecurity experts to help investigate, manage and resolve the incident. We reported the incident to the relevant organisations, including the Information Commissioner’s Office (ICO). We are in the process of notifying all those people impacted in line with our legal obligations and we are liaising with them directly to provide support and guidance.
The complex process of identifying what information was copied from our systems and published online has taken several months. We drafted in a large team of specialists to complete the work of analysing the affected data so we could accurately, and as quickly as reasonably possible, assess the potential risk to individuals.
As soon as we became aware of the issue, we made the decision to shut down our systems and rebuild them in a safe and secure way. We have further strengthened our cyber defences by enhancing existing systems and deploying more advanced threat protection measures. These include completing the roll-out of specialist threat detection and remediation tools. In addition, we have implemented a programme of IT Security Awareness Training to all IT users within the business.
We will continue to take further steps to enhance our security to reduce the likelihood of something like this happening again. For further information email news@grsroadstone.co.uk.
