Third-party mailbox used by the Computacenter got hacked

The third-party mailbox that was used by the employees and contractors of Computacenter to deposit the data for the security clearance applications was hacked, and has been used in the phishing scams. Computacenter, one of the largest resellers in Europe, counts some of biggest names in the financial services among their corporate client base. The company sells to a number of customers of the local as well as central government.

The mailbox has been used for collating data from the individuals, after information relating to those individuals security clearance applications has been deemed to be incorrect or missing. The information requested may include ID data, bank details, addresses, employment history, as well as contact details.

The "attacker" gained the entry and then changed password for mailbox, which the system audit logs shows prevented any further access by the Computacenter. Now, the mailbox was used for sending the phishing emails. "However, these logs cannot tell us precisely what was in the mailbox at the time of the attack or whether the data was exported or just deleted," mail to the staff stated.

After getting aware about this attack, Group Information Assurance compliance methodology was initiated by the Computacenter, thus establishing that the other systems which are connected to security vetting process remain unaffected and "secure workaround processes for security clearance have been implemented".

Computacenter also blocked any more unauthorised access to that mailbox, stopped using that mailbox and advised the users to not send any kind of information to it. The memo to the staff added that "the mailbox will be permanently deleted once the investigation and root cause analysis is completed".

The reseller also would like to re-emphasise that this attack does not happen on the own email system of Computacenter, as this comes as a small consolation to the contractors or employees whose details got exposed in this leak.

The company added that "whilst we believe that the motive for the attack was disruptive rather than exploitative, you should consider the possibility of identification theft or fraud". Depending on type of information that was provided, the staffs were advised to monitor the account statements for proof of unauthorised activity.

Computacenter is also offering a one year complementary ID monitoring service, however the staff and contractors are required to email UK Vetting Team in order to access it.

» SPAMfighter News - 6/14/2019