Cyber Incident Victim: Ordnance Survey
Date:
Jan 2020
Location:
United Kingdom
Summary
A phishing attack compromised an email account at Ordnance Survey, potentially exposing personal data of approximately 1,000 employees, including bank details for fewer than five individuals. The agency detected the breach during routine IT checks and immediately contained it, notifying affected staff and offering identity fraud protection services. Investigations indicated no customer data or systems were impacted, with the UK Information Commissioner's Office reviewing the incident and requiring no further action. The breach involved unauthorized external transfer of payroll files, though the agency did not confirm specific account compromises. Historical records showed prior security incidents at the organization without data loss.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Ordnance Survey, the UK government-owned mapping agency, identified a data breach during routine IT security checks in January 2020. The organization immediately contained the incident upon discovery, though the exact start date of the breach remained undisclosed. Investigations revealed unauthorized access to an employee email account, which the agency attributed to a likely phishing attack. This method typically involves cybercriminals sending deceptive emails to harvest credentials or distribute malicious links. While Ordnance Survey confirmed the compromise of personal data belonging to 1,000 employees, they specified that fewer than five individuals had their bank details "potentially" exposed. No customer data or core organizational systems were affected by the intrusion.
The agency notified affected staff members and provided identity fraud protection services as a precautionary measure. Ordnance Survey reported the incident to the UK Information Commissioner's Office (ICO), which reviewed the breach and the organization's response before determining no regulatory action was necessary. Internal analysis suggested the attacker may have compromised the chief financial officer's email account to redirect payroll files to an external address, though the spokesperson declined to confirm this detail. Historical records showed Ordnance Survey experienced one confirmed data breach between 2014-2015 and eight additional security incidents without data loss during that period. The 2020 breach remained unresolved regarding perpetrator identification or final disposition of stolen data at the time of reporting.