Ordnance Survey hacked: Employees’ data exposed


A hacker stole the personal data of 1,000 employees of the Ordnance Survey (OS), the government-owned mapping agency for Britain.

The agency, which produces digital and paper maps for businesses and consumers, confirmed the breach, but was unable to go into detail about the type of personal details that were compromised.

An OS spokesperson said that fewer than five employees had their bank details “potentially” compromised and no customer data was affected.

The OS discovered the breach during IT checks in January this year, closing it immediately after discovery. OS did not disclose when the breach started. Staff have been notified, with OS providing access to identity fraud protection services to its employees.

GlobalData understands that the hacker compromised the OS email account of its chief financial officer to send payroll files to an external email address. However, the OS spokesperson was unable to confirm or deny this.

In a statement, the OS said: “During IT security checks we identified a data breach which targeted an Ordnance Survey email account. We immediately took action and implemented a number of measures including informing the Information Commissioners Office (ICO). The ICO confirmed that they intend to take no further action in relation to the data breach.

“Investigations have identified that some employee information has been potentially compromised. We are working with all affected employees providing advice and guidance on personal information security. As a precaution employees have been offered access to an identity fraud protection scheme.

“We have no evidence to believe that any customer information has been compromised or that any OS systems were targeted.”

An ICO spokesperson said: “The Ordnance Survey made us aware of an incident. After looking at the details and the remedial actions Ordnance Survey undertook, we provided the organisation with advice and concluded no further action was necessary.”

Rob Scammell, GlobalData’s Verdict Deputy Editor, said: “Phishing attacks are a low-cost, high volume method for cybercriminals to steal personal data. The hack of Ordnance Survey shows that anyone can be targeted, be it a government agency or senior member of staff.”