The Construction Industry Council (CIC) has revealed its staff’s personal data may have been stolen after it was struck by a cyber attack last month.
The industry body said the “cyber incident” took place on 8 October but was only discovered on 23 October, with the CIC finally securing its servers on Friday (1 November).
“A malicious actor has claimed to have exfiltrated CIC company data with the intention of publishing the data in the public domain,” the organisation said in a statement.
“Fortunately, we hold very little personal data on our IT system and in the majority of cases it will be limited to just email addresses and the first and last names of the contact.”
“A full-scale investigation has taken place and appropriate measures have been taken to ensure the integrity and security of the systems going forward.
“Unfortunately, this cybercrime has kept us offline for six working days and we apologise to anyone affected by our cyber silence over this time.”
The CIC warned people whose personal data it holds to be “extra vigilant against phishing attempts” and not to click on email attachments unless certain of their authenticity.
Earlier this year contractors were warned that there had been a sharp increase in cyber attacks on construction companies and the government has said it is the most likely industry to be targeted.
Writing in Construction News in May, lawyer Charles Maurice outlined some of the key cyber risks to firms as well as measures that can be taken to address them.