PFS warns members after CII cyber attack
The Chartered Insurance Institute and its sister professional body for Financial Planners, the Personal Finance Society, have been hit by a cyber attack which has seen some members’ data accessed.
The CII, which holds members data on its servers for the CII and PFS, said that a “limited amount” of personal data was accessed.
The CII and PFS have investigated how the breach happened and the Information Commissioner’s Office has been informed.
PFS and CII members have been urged to be careful when responding to unsolicited emails and to watch for suspicious online activity.
In a statement today, the PFS said: “The Chartered Insurance Institute (CII) informed the Personal Finance Society (PFS) that CII’s IT systems had been accessed by an unauthorised third party, which affected some of our members.
“The Information Commissioner’s Office (ICO) was informed and a detailed investigation launched immediately. This investigation has now been completed and affected PFS members have been informed.”
“We of course take any incident of this nature very seriously and are engaged with the CII on how they are strengthening their cyber defences as an urgent priority. Although we are advised that only a limited amount of personal data was accessed, we would always advise PFS members to be especially vigilant when it comes to their cyber security. The PFS leadership advises all members to continue to be cautious in responding to unsolicited emails and closely monitor for any suspicious or unusual activity.”
Cyber attacks have become a growing problem in the financial services sector.
In March, the Financial Conduct Authority reported that cyber attack incidents had risen 52% in 2021, with 116 reports received.
A third of the incidents reported may have resulted in confidentiality of company or personal data being compromised.
The FCA deems an incident to be material if it results in a significant loss of data, results in the unavailability or control of IT systems, affects large numbers of customers, or results in unauthorised access to information systems.
One in five of the incidents reported to the FCA in 2021 involved ransomware, according to IT security firm Picus Security which submitted a freedom of information request to the regulator. Two thirds (65%) of the cyber incidents reported in 2021 were due to cyber attacks.
The CII/PFS said its cyber attack was not connected to a ransomware attempt.