Cyber Incident Victim: RWS Holdings PLC

Date:

Apr 2023

Location:

United Kingdom

Summary

RWS Holdings PLC experienced a cyber incident involving unauthorized external access to a legacy project management workflow application. The company immediately enacted contingency protocols, shut the application down, and appointed external cybersecurity experts to investigate. Evidence confirmed the access was restricted to that single application, which has since been securely restored. The affected individuals were contacted and offered support. The financial impact and incremental costs to RWS are not expected to be material.

Description

On or around April 20, 2023, RWS Holdings PLC discovered evidence of unauthorized external access to a legacy project management workflow application. This application supported a small portion of the company's Regulated Industries division. Its primary function was the project management of customer work, and the application was specified not to contain any customer-created content. Upon discovery of this unauthorized access, RWS immediately enacted its contingency protocols. A key component of this initial response was the temporary shutdown of the affected application to isolate the threat and prevent further access.

The company promptly appointed external cybersecurity experts to conduct an investigation into the full circumstances and scope of the incident. This external analysis was crucial for determining the extent of the breach and identifying what, if any, data was compromised. The investigation conducted by these experts confirmed that the evidence of unauthorized access was restricted solely to the specific legacy application that had been targeted. No other systems or any other part of the RWS Group network were found to have been affected by this incident, so the breach was contained to that single application.

Following the investigation and confirmation of the incident's limited scope, RWS took steps to contact all the individuals and organizations that may have been affected by the unauthorized access to the application. These parties were advised of the specific steps they should take in response to the incident. Furthermore, RWS offered support to these affected parties where it was deemed appropriate. The company also initiated procedures to comply with all relevant regulatory obligations stemming from the security breach. As a part of this regulatory compliance process, RWS formally notified the UK's Information Commissioner's Office of the incident.

With the investigation complete and containment measures verified, RWS securely restored the affected legacy project management workflow application. The application was returned to an operational state following this restoration process. The company publicly confirmed that the application was back online and functioning within its secure infrastructure. Throughout its communications, RWS emphasized that the operational impact of the incident was limited due to the application's isolated nature and its lack of stored customer content.

From a financial perspective, RWS provided an initial assessment indicating that the incident was not expected to have a material impact on the company's finances. This assessment included both any potential financial impacts from the breach itself and the incremental costs associated with the response, such as engaging external cybersecurity experts, conducting the investigation, and implementing restoration efforts. The company maintained that based on its current estimates, these costs would not be significant to its overall financial standing. This incident occurred just prior to the planned release of the company's half-year trading statement, which remained scheduled for April 25, 2023, suggesting no major disruption to its financial reporting cadence.
