London-based fund administrator Mainspring has been hit by a data breach after a cyberattack saw hackers gain access to its IT system. Mainspring provides outsourced custodian and nominee services relating to enterprise investments.
The company notified clients during the week commencing 18th July that it had suffered a breach after falling victim to a ransomware attack on 12th July.
Mainspring told all its clients that their assets and money are not at risk but did advise that some personal data may have been compromised, including:
- Residential addresses
- Work email addresses
- Location data
- Corporate bank details
- Details of investment holdings
The company said it had reported the data breach to Action Fraud, the Financial Conduct Authority and the Information Commissioner’s Office.
At the time of writing, Mainspring wasn’t aware of how the hackers accessed its IT system or the precise number of its clients affected.
In an update provided after disclosing the data breach, Mainspring wrote: “We don’t yet know the extent of this or whether investor/contact data was included.
“Our advice to impacted parties remains the same and to continue being vigilant for suspicious or unusual activities.”
However, the company did say that early investigations revealed that “some data has been exfiltrated from the IT system.”
Such a company being targeted by hackers is nothing new, especially if there may be potential to target Mainspring clients with phishing emails posing as the company to try and extract money or commit various acts of fraud.