A Sage employee could have made off with customer data
Sage can't account for insider risks as it's struck by a data breach
Accounting software firm Sage has been the victim of some manner of data breach, a worrying prospect for customers who use the company's products.
Apparently, data pertaining to around 280 businesses in the UK was accessed – and possibly only accessed, as opposed to actually stolen – by someone from inside Sage (or at least, someone using an internal login at the company).
The picture of what actually happened is far from clear at this point, and it certainly isn't clear what type of data was leaked (or at least viewed – but it's not a huge leap to assume that the person doing the viewing was engaging in this for a reason).
The incident has been reported to both the police and ICO, and Sage has taken the step of notifying the customers who may have been affected. So if you haven't heard anything as yet, you should be in the clear.
Investigation underway
A spokesperson for Sage told the BBC: "We are investigating unauthorised access to customer information using an internal login. We cannot comment further whilst we work with the authorities to investigate – but our customers remain our first priority and we are speaking directly with those affected."
Generally, data breaches are the result of an external hack, although this just goes to show that possible internal threats and potential rogue staff members should always be considered. And sometimes, the ammunition used for an external hack will have been provided by an insider, anyway.
Presumably, we'll hear more from Sage on what data might have been involved, what's happened to it, and how this incident actually unfolded in due course.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
As we saw recently, MPs have recommended that the ICO should be given the power to impose a range of escalating fines on companies that suffer from data breaches, meaning continued security leaks would mean greater fiscal penalties.
Whether the ICO will find Sage at fault in this case remains to be seen.
Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).