The Communications Workers Union (CWU), representing a large number of employees in various sectors of the UK economy, including technology and telecommunications, is struck by a cyberattack.
Initially thought to be a significant IT disruption, the union has now confirmed that it is indeed an attack, and the extent of the damage is still being assessed.
On March 22, the CWU reported that their email services were not functioning, and they have enlisted the assistance of third-party cybersecurity experts who have been on-site since March 21.
As a precautionary measure, some systems have been taken offline.
CWU Tech Trade Union Incident Confirmed to be a Cyberattack
When asked, whether the situation was caused by ransomware, head of communications Chris Webb said: “We don’t know.”
But today Webb said in a statement via WhatsApp, that email systems remain down and:
“We can confirm that The CWU has been the victim of a cyber attack on parts of our IT systems.”
“We have informed the Information Commissioner’s Office and have updated our members.”
“Some CWU member data is held within the IT systems that were targeted. At this point, we do not know if a breach of this personal data has occurred. We have advised members to be vigilant against the risk of phishing emails that they may receive.”
“Our specialist cybersecurity advisers are working on a digital forensic analysis of our systems to determine precisely what has occurred.”
They will also assess what the next steps are and establish timelines to restore the union’s IT infrastructure. The cyber security team will remain on site for the coming days.
Reports from an alleged insider within the CWU made several claims about the extent of the outage last week.
The claims included allegations of compromised finance, payroll, and membership information due to a cyberattack.
When asked about these claims, Chris Webb responded by questioning the source’s credibility, stating that they were “in dreamland” and should not be trusted.
Although it remains uncertain whether any data has been compromised in the incident, the potential impact of a breach at the CWU is noteworthy due to its large membership of 185,000 individuals.
However, it is worth noting that the UK’s data protection authority has confirmed its awareness of the situation.
“The Communications Workers Union has made us aware of an incident, and we are assessing the information provided,”
A spokesperson for the Information Commissioner’s Office (ICO).
According to the reporting guidance of the Information Commissioner’s Office (ICO), organizations are required to report personal data breaches to the ICO only if it is probable that the incident will pose a risk to the rights and freedoms of the affected individuals.
If the threshold is met, the breach must be reported within 72 hours, if feasible, and the individuals impacted must be notified promptly.
