A Sage employee could have made off with customer data

Sage can't account for insider risks as it's struck by a data breach

Sage One

Accounting software firm Sage has been the victim of some manner of data breach, a worrying prospect for customers who use the company's products.

Apparently, data pertaining to around 280 businesses in the UK was accessed – and possibly only accessed, as opposed to actually stolen – by someone from inside Sage (or at least, someone using an internal login at the company).

The picture of what actually happened is far from clear at this point, and it certainly isn't clear what type of data was leaked (or at least viewed – but it's not a huge leap to assume that the person doing the viewing was engaging in this for a reason).

The incident has been reported to both the police and ICO, and Sage has taken the step of notifying the customers who may have been affected. So if you haven't heard anything as yet, you should be in the clear.

Investigation underway

A spokesperson for Sage told the BBC: "We are investigating unauthorised access to customer information using an internal login. We cannot comment further whilst we work with the authorities to investigate – but our customers remain our first priority and we are speaking directly with those affected."

Generally, data breaches are the result of an external hack, although this just goes to show that possible internal threats and potential rogue staff members should always be considered. And sometimes, the ammunition used for an external hack will have been provided by an insider, anyway.

Presumably, we'll hear more from Sage on what data might have been involved, what's happened to it, and how this incident actually unfolded in due course.

As we saw recently, MPs have recommended that the ICO should be given the power to impose a range of escalating fines on companies that suffer from data breaches, meaning continued security leaks would mean greater fiscal penalties.

Whether the ICO will find Sage at fault in this case remains to be seen.

Article continues below