The Pensions Management Institute data breach is understood to have affected 1,700 people after hackers gained access to the Outlook account of a PMI employee.
We understand that those whose information has been exposed in the attack have been targeted with emails directing them to a third-party website. Victims of the security incident are at an immediate risk of fraud and theft and will need to be vigilant for any contact that they now may receive.
As a leading firm of data breach lawyers, we are used to representing clients for these kinds of cases. The standard tricks that criminals use to steal money and further information can work, and people need to be careful.
About the Pensions Management Institute data breach
The Pensions Management Institute data breach is understood to have taken place on 1st September 2020, according to a statement on the company’s website.
They have labelled the security incident as a “sophisticated” cyberattack that targeted the Microsoft Outlook account for one of their staff.
PMI said:
“the perpetrator using a VPN through a Manchester data centre to gain access to the individual’s email inbox. Once inside, they were able to see a number of member and other stakeholder email addresses”
Investigations into how the attack happened are taking place, and PMI is understood to have reported itself to the UK’s data watchdog, the Information Commissioner’s Office (ICO).
Who has been affected by the security incident?
The Pensions Management Institute data breach has resulted in the details for some 1,700 people being compromised. People affected by the cyberattack have received emails from someone pretending to be PMI itself, asking recipients to click on a link to a third-party website.
This is a standard trick used by criminals and fraudsters where they can dupe people into entering their credentials on a fake website that may look almost identical to the real one. This can provide criminals with real credentials for people to further misuse, or they may ask users to provide even more data or access to bank accounts.
When people receive an email that appears to be from a legitimate company and contains real information for accounts from companies that people use, it can be easy for victims to fall for the trap.
Users of their service are being asked to change their passwords as a matter of urgency. They will also need to be vigilant and take care when it comes to any contact they may now receive, as it could be criminals posing as real organisations looking to steal information or money.
What can you do about the PMI cyberattack?
Victims of the Pensions Management Institute data breach could be entitled to claim compensation with us on a No Win, No Fee basis.
The GDPR can allow victims of a cyberattack to claim compensation for the distress caused by the loss of control of personal information. It can also allow for the recovery of any money lost or paid out as a result of an incident as well.
Whether people could be eligible to claim or not will come down to how the attack happened. If there was more that PMI could – and should – have done to have prevented the cyberattack, that is when people could be eligible for a case. This is a matter we will investigate as part of any cases that we take forward.
Please do not hesitate to contact the team for free, no-obligation advice today.