29 April 2019
On Saturday 9 and Thursday 21 March, systems at our HQ in Leatherhead were subject to a malware attack which impacted a number of our databases and servers. As a result, our internal website The Hub was disabled and we were unable to update this site. Some local Federation websites have also been affected.
We were alerted to the first incident – which only affected PFEW's HQ – at around 7pm on 9 March through our own security systems, but the second attack affected the majority of our branches.
On becoming aware of the attacks, we immediately disconnected our network to stop further spread before reporting them to the National Cyber Security Centre (NCSC), the National Crime Agency (NCA) and the Information Commissioner's Office (ICO).
Following the first attack we instructed BAE Systems, a leading forensics firm, to assist with the response. It is continuing to work with us and were on site during the second attack.
There is no evidence any personal data has been extracted from the PFEW at either the HQ or any of our branches, however, we cannot rule this out and investigations continue. While we consider at this stage the risk of data being extracted or misused is low, we alerted members as to the potential risk at the earliest opportunity.
The complex matter is the subject of a criminal investigation and we have had to liaise carefully with relevant authorities as to the information that can be made public, therefore we were unable to notify members sooner.
National Chair, John Apter, said: “The impact on PFEW systems is significant and I want to offer my reassurance that we are doing everything possible, working with the National Crime Agency and BAE Systems – who are experts and professionals in this type of criminal activity – to stop any further damage.
“The necessary steps were taken to tackle the first attack and re-establish business and support for our members.”
Indications are that the first attack was not targeted specifically at the PFEW and was likely part of a wider campaign, but we cannot speculate as to the second attack at this stage.
Mr Apter continued: “Everyone and anyone is vulnerable to cyber attacks like this and unfortunately the reality is that once hit, you can become the target of further attacks.
“Our priority remains to secure and stabilise the situation in order to get back up and running as soon as possible, with our members at the forefront of all decisions that are being made.”
The NCSC recommends PFEW members be vigilant to suspicious emails, texts and phone calls.
Those concerned about fraud or lost data can visit Action Fraud or call 0300 123 2040.
Advice can also be obtained from the National Cyber Security Centre.
For more information please read our cyber attack FAQs.
Please be aware that the website is still under reconstruction following the cyber attacks so you may not find all the content you are looking for but it should be added in due course. If you have any queries please contact us.