Cyber attack on Premium Credit

The cyber attack on Premium Credit  

On Sunday 16th September 2018 at 9.30am, Premium Credit - a number one insurance premium finance company in the UK and Ireland came under cyber attack.

For over 25 years, Premium Credit has helped businesses and individuals pay for their insurance. They provide the finance to pay annual fees such as professional fees, membership subscriptions, commercial service charges, and school fees.

Premium Credit go offline!

The cyber incident on Sunday interrupted services and Premium Credit took immediate action to protect the company, their customers and to start a forensic investigation.

Their website was taken offline and nothing of substance so far has come to light.

Tom Woolgrove -  Premium Credit’s Chief Executive

Premium Credit’s Chief Executive Tom Woolgrove said: “We were notified that we were under a cyber incident and it was a proactive decision that we took to take our systems down in order to protect ourselves and our brokers.”

Brokers and customers took to Twitter to complain about the ongoing situation. Premium Credit responded telling customers that they were experiencing system issues. This was followed by another tweet assuring customers that they will not be ‘disadvantaged’ by the issues that they were experiencing.

Yesterday, (19th September) the latest tweet by Premium Credit, confirmed that they are continuing to restore services and will resume trading ASAP. Ongoing investigations indicate that all customer data is safe & secure.

Penalties and canceled agreements

The company has ensured that there will be no penalty payments if payments have not been received and they will not be canceling agreements.

Insurance brokers

Tom Woolgrove said that Premium Credit had been communicating with brokers on a very regular basis - three or four communications a day. Keeping them informed by email, social media and direct phone calls. However, there have been frustrations by some who feel like they are being left in the dark.

Has there been a data breach?

The Premium credit Chief Executive said that he was very confident that there has been no data breach and that customer data remains safe and secure. They are starting to bring their broker systems back online in a considered way to make sure there is no risk to their brokers and no potential for harm because of the nature of the cyber incident.

The ICO

The incident has been reported to the Information Commissioner’s Office (ICO) and the Financial Conduct Authority (FCA) have also been informed. 

The ICO states that ”not every incident relating to a lapse in the security or integrity of a trust service is a breach”.  Its’ guidance under breach reporting clarifies that ”If there is no harm caused, or there is only a minimal effect, this will not qualify as a breach.”

It appears that potentially hackers have locked Premium Credit out of their system but no data has been stolen but we will have to wait to find out.

The impact of the new GDPR is coming to light more and more each day. It is no doubt leaving some companies shaking in their boots, motivating hackers to become even savvier but in the long run, when the creases are ironed out - people will realise that the GDPR is a good thing.

Adrian McGarry

References:

https://www.insuranceage.co.uk/broker/3604216/premium-credit-explains-taking-system-offline

https://ico.org.uk/for-organisations/guide-to-eidas/breach-reporting/