Ordnance Survey hacked, reports GlobalData

The OS is reported as having discovered the breach during IT checks in January this year, closing it immediately after doing so

Posted 25 February 2020 by Gary Flood

A hacker has successfully stolen the personal data of 1,000 employees of the Ordnance Survey (OS), the UK national government-owned mapping agency.

The news was broken yesterday afternoon by the technology news site of analyst firm GlobalData, Verdict.

The agency, which produces digital and paper maps for businesses and consumers, confirmed the breach, but told the journalists at Verdict it was unable to go into detail about the type of personal details that were compromised.

An OS spokesperson is quoted in the story as saying that fewer than five employees had their bank details “potentially” compromised and that no customer data was affected,

The OS is reported as having discovered the breach during IT checks in January this year, closing it immediately after doing so. OS did not disclose when the breach started. Staff have been notified, with OS providing access to identity fraud protection services to its employees.

GlobalData understands that the hacker compromised the OS email account of its chief financial officer to send payroll files to an external email address. However, the OS spokesperson the site interacted this was apparently “unable to confirm or deny this”.

In a statement, the OS said: “During IT security checks we identified a data breach which targeted an Ordnance Survey email account. We immediately took action and implemented a number of measures including informing the Information Commissioners Office (ICO). The ICO confirmed that they intend to take no further action in relation to the data breach.

“Investigations have identified that some employee information has been potentially compromised. We are working with all affected employees providing advice and guidance on personal information security. As a precaution employees have been offered access to an identity fraud protection scheme.

“We have no evidence to believe that any customer information has been compromised or that any OS systems were targeted.”

An ICO spokesperson is also quoted as saying that, “The Ordnance Survey made us aware of an incident. After looking at the details and the remedial actions Ordnance Survey undertook, we provided the organisation with advice and concluded no further action was necessary.”

Rob Scammell, GlobalData’s Verdict Deputy Editor, said: “Phishing attacks are a low-cost, high volume method for cybercriminals to steal personal data. The hack of Ordnance Survey shows that anyone can be targeted, be it a government agency or senior member of staff.”