Sage Data Breach Speaks Volumes about Inside Job Attacks

Sage Group is a company that supplies accounting software and cloud-based solutions to millions of customers around the world, but a few hundred of those business customers in the UK have reason for alarm. The company announced it had suffered a data breach, and that an estimated 200 to 300 UK businesses had their complete account information—including all of those companies’ employee information—compromised.

Since Sage works in a cloud-based format, their data breach means the potential for each of those businesses to be breached as well. So far, those smaller companies’ employee records appear to have been targeted, and names, health insurance numbers, and other personal data was compromised.

What makes this one different from any other data breach that happens seemingly every day? The attack at Sage seems to have been an inside job. Someone using internal login credentials accessed the information, leaving the company to investigate who it could have been and what it was they were after.

According to a 2015 report, security professionals saw a 62 percent increase in internal data breach attempts over the course of the previous year. Some theories for these inside job attacks include low salaries that drive the desire to make a quick buck by selling stolen identities, coupled with disgruntled employees who want to “stick it” to their companies. But a far more likely culprit, according to some experts, is the ease with which internal data breaches can happen.

In businesses of every size, industry watchers have discovered unfettered access to large amounts of highly sensitive information, meaning employees at virtually any level within the company can access all of the stored data. Unfortunately, there’s often little to no oversight to alert someone higher up whenever an employee is “snooping” around in the system. Even more troubling is the payoff: complete identities can be sold online for literally a few dollars each, leading the thieves to access as much data as they can in order to make it worth their while.

This breach is another example of why security professionals have called for more restrictions on what data is gathered in the first place, as well as more oversight into who can access it within a company once it’s stored.

At the current time, Sage doesn’t yet know who was responsible for the unauthorized login or what it was they were after. They’ve spent the time in between discovering the incident and the present informing their customers and shareholders of the breach, and working with investigators to discover what went wrong.

Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.



ITRC Sponsors and Supporters 





Go to top


The TMI Weekly

Breaches here, identity theft there and invasions of privacy everywhere... Should you be worried and, if so, how can you protect yourself? Sign up now to receive The TMI Weekly and get the latest hot topics in identity theft, data breaches and privacy and helpful information on how to protect your information.