Any IT security experts here?

[AMGeed]

A close family member who is head of IT for a global company based in the UK has a big security problem. He has been hacked, or rather his phone with the master password for his companies IT infrastructure has been accessed. He says he stupidly shared it with another member of his IT team and that's when he suspects it was intercepted. He is going crazy with worry about the implications as he access to all staff financial records, pay etc of all the staff worldwide. His family have had their phones and laptops taken to a cybercrime security company while they work on getting control back.

His home router has also been compromised and his families personal details, banking, are at risk. He suspects its ransomware attack although no demands have been made yet.
He is currently cancelling bank cards and advising the bank what has happened should any suspicious activity begin.

My daughter has a dormant website selling kids clothing and that has been taken over and the admin p/w altered. She cannot gain access to that although that is the least of their problems. Two weeks ago she received a call from an unknown number asking if she was the website accounts manager. She said no, it was a one man band and thought no more of it. The website had her phone number that we think may have been hacked to gain info on his number.
I bought him a couple of PAYG sim cards and gave him a couple of old mobile phones to use along with my "clean" laptop.

Would he be OK logging into his router settings to change them along with the router password on my laptop?
He had an interview with the owner of the company today which went surprisingly well considering what could still transpire. He is in huge fear of losing his job and in all probability his career in IT networking.

Any thoughts of what else needs doing whilst this mess is sorted out? His personal security and his families is more pressing right now.
I think he is going into work tomorrow to try and help get back control.
What a mess.

Please don't try guessing the company brand name. It's under the radar now but if it gets into the public domain f knows what could happen.
I'm not even sure I'm doing the right thing even mentioning this.

 

[KillerHERTZ]

Immediately change his WiFi/router password to something tricky and then change the email account passwords before anything else.

As virtually all accounts will be linked to email addresses, simply changing other login passwords without changing email address passwords will be useless, as the 'hacker' can simply change passwords again.

Might even be worth setting up a new email address and then changing all other logins back to that.

Again, without changing email passwords they can just change anything after you have reset it. Email accounts are the key. + Make sure every password is different.

Hope that makes sense!

 

[AMGeed]

^ Understood Karl.
Many thanks

 

[markjay]

The company will have to report it to the ICO:

Report a breach

Under the Data Protection Act, although there is no legal obligation on data controllers to report breaches of security, many choose to do so and we believe that serious breaches should be reported to the ICO. Notification of personal data breaches will become mandatory when the General Data...

ico.org.uk

Also, if the company is based in London then I can arrange an introduction to the City of London Cyber Griffin who can provide assistance in such cases:

Cyber Griffin

Founded by the City of London Police in 2017, Cyber Griffin is an initiative that supports businesses and individuals in the Square Mile to protect themselves from cyber crime.

cybergriffin.police.uk

And last, if they have cybercrime cover, then their insurer should appoint a cybercrime forensic team to mitigate the risk.

 

[fabes]

As above.
If they have policy cover it all comes with breach response and support.

It is a company issue, not a personal one.

He's head of IT though, so he's been spear fished, but hopefully, as it's a global company they will have their CSOP in place

 

[AMGeed]

As above.
If they have policy cover it all comes with breach response and support.

It is a company issue, not a personal one.

He's head of IT though, so he's been spear fished, but hopefully, as it's a global company they will have their CSOP in place

There is a cybercrime forensic team on the case appointed by the company.
But they are more concerned naturally about breaches in company security, but he has been left with trying to change all his two part passwords on 6 different email accounts.
Thought he'd done it late this afternoon , then realised he had a Skype account that needed changing. Went back to his main email and found he was locked out. He could see pings from Russia, China and the USA all trying to access his email. He thinks Microsoft probably locked the account after too many attempts to breach it. He has screenshots of all the logs and IP addresses but they will be through VPN's and spoofed. He now has to sort out his own personal accounts and let the company worry about any possible threats.

He reported this to Action Fraud at his bosses insistence, the police aren't interested and just want to give out a crime number but they are saying because both company and personal data could be compromised, he could be fined? That has got his stress levels up even higher.
I wonder what tomorrow will bring for him.

 

[fabes]

Ensure he has spoken to his insurance manager or their brokers regards the company D&O insurance just in case that 'fine' isn't a throw away comment (which I believe it is).

Poor sod

I don't envy him, but at least he's not the marketing or HR director and he is within his comfort zone of IT.

He should have a geek or two in his Info Sec team that can help him on his personal accounts IF he needs or wants it.

 

[optimusprime]

And talk to the police and action fraud i did and they are very helpfull ,, but cancel and change everything involved

 

[AMGeed]

And talk to the police and action fraud i did and they are very helpfull ,, but cancel and change everything involved

Update.
Action fraud are on the case.
His phone and internet have not been affected. The company know a malware was inserted into their system but it was a random attack, not targeted. The company believe their system is now clean. We got the OK to open up the internet at his home and use the phones that had been taken for examination.
All family computers and phones have been wiped and reinstalled. New passwords for all email accounts changed except the main user. He cancelled his sim card and phone# which is needed for the two part verification to change his password. Fortunately a visit to O2 today has salvaged his number and a new sim has arrived. We will change his passwords tomorrow now we have the ability.

But there has been a big personal fallout. My close relation had a psychotic event on Wednesday evening and had to be sectioned under the mental health act. He is paranoid, believes nobody, and threatened to kill himself. He is being transferred to a psychiatric unit in Bristol 80 miles away this evening.
His wife is distraught with no transport to get there to visit and its a bad time all round. I'm extremely upset about it all.
I could say lots more but now its in the public domain. this is what I'm talking about.

Investigation opened in cosmetic store Lush after cyberattack

Lush has been targeted in a cyberattack earlier this month and is opening an investigation to limit the ...

buzz.bournemouth.ac.uk

This is what hacking can to do to someone totally stressed out with work, little sleep and then a hack. He feels its his fault as IT manager although the company have gone to great lengths to allay this notion. He is in no state to be told this yet.
Be careful out there.

 

[MissyD]

Glad things are beginning to get sorted but so sorry to hear how it has understandably affected you and your family. We are here for you if you need.

 

[Bobby Dazzler]

Update.
Action fraud are on the case.
His phone and internet have not been affected. The company know a malware was inserted into their system but it was a random attack, not targeted. The company believe their system is now clean. We got the OK to open up the internet at his home and use the phones that had been taken for examination.
All family computers and phones have been wiped and reinstalled. New passwords for all email accounts changed except the main user. He cancelled his sim card and phone# which is needed for the two part verification to change his password. Fortunately a visit to O2 today has salvaged his number and a new sim has arrived. We will change his passwords tomorrow now we have the ability.

But there has been a big personal fallout. My close relation had a psychotic event on Wednesday evening and had to be sectioned under the mental health act. He is paranoid, believes nobody, and threatened to kill himself. He is being transferred to a psychiatric unit in Bristol 80 miles away this evening.
His wife is distraught with no transport to get there to visit and its a bad time all round. I'm extremely upset about it all.
I could say lots more but now its in the public domain. this is what I'm talking about.

Investigation opened in cosmetic store Lush after cyberattack

Lush has been targeted in a cyberattack earlier this month and is opening an investigation to limit the ...

buzz.bournemouth.ac.uk

This is what hacking can to do to someone totally stressed out with work, little sleep and then a hack. He feels its his fault as IT manager although the company have gone to great lengths to allay this notion. He is in no state to be told this yet.
Be careful out there.

Thinking of them, an awful situation. Glad things are turning around.

 

[SpikyMikey]

It's a frightening story and just goes to show how tenuous our way of living and doing business has potentially become and the effects it can have when it all unravels.
Wishing all involved all the best.

 

[st13phil]

With a mixture of good fortune and a bit of knowledge I managed to avert an identity theft of my wife’s details around five years ago. The consequences if it had succeeded were unimaginable.

I can completely understand the turmoil your relative is going through, Roger. I hope for his recovery.

 

[Doodle]

This is what we plan and write IT policies for, so that when SHTF at whatever level you're prepared (in so far as one can be) for it. It happens far more than the general public realises - much of the time they get nothing and nobody hears anything about it. Occasionally it's worse, you fix it as best you can and move on - humans are fallible and accidents happen, which is why the first statement is in place.

I hope your relative gets the compassion, help and time he needs to get back on the level. I feel Lush are partially at fault for putting sufficient pressure on him for this to cause such a catastrophic break, but then it wouldn't be the first time their moral compass and duty of care were found lacking.

 

[fabes]

Sorry to hear this all got to him.
Hopefully a cleared head, a little care, some time and a break from it all will reset his compass.

On a practical point, Lush can support with a driver and a car (HR should sort that out) for his wife.

He can have a slow return to work if he and the business agree it's in his best interests.
Plenty of IT (and Cyber Security) work out there if that's the journey he takes instead.

Such burn out is not uncommon, just glad he's been recognised before it was too late (it's been too late twice at my place....)
It's not nice.