Cyber Incident Victim: Connexus Group
Date:
Dec 2023
Location:
United Kingdom
Summary
The housing association Connexus experienced a cyberattack, prompting precautionary system shutdowns while investigations continue. Service disruptions included prioritized emergency repairs and compliance visits, with residents reporting increased scam calls, missed appointments, and communication issues; the organization advised heightened vigilance regarding personal data and noted potential ongoing service alterations during recovery efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Connexus, a housing association managing approximately 10,000 homes across Shropshire and Herefordshire, experienced a cyberattack in December 2023, prompting precautionary system shutdowns. The organization publicly confirmed the incident on December 1, 2023, through its Facebook page and website updates, though details about the attack's origin and full scope remained under investigation at the time of reporting. As an immediate containment measure, Connexus took multiple systems offline while maintaining critical services including emergency repair operations, payment processing, and phone support lines. The landlord implemented service prioritization protocols, focusing on urgent repairs, gas safety compliance visits, and vulnerable customers, while noting that non-emergency services might experience disruptions or modifications. Some residents reported operational impacts including missed maintenance appointments and reduced communication from the association following the incident.
Investigations into the cyberattack's extent and potential data compromise were ongoing as of the December 1 disclosures, with Connexus committing to share additional details upon completing their forensic review. The association issued security advisories urging tenants to exercise heightened vigilance regarding financial information disclosure, particularly in response to unsolicited communications, after multiple residents reported surges in scam phone calls potentially linked to the breach. Service disruptions persisted during the initial response phase, with the organization directing customers to its website for general tenancy guidance while operational recovery continued. The incident occurred within a broader trend of increasing cyber threats targeting UK housing providers, as referenced in industry reports noting that 77% of social landlords considered cybersecurity their top strategic risk in 2022-2023. Connexus maintained its emergency out-of-hours service throughout the disruption while working to restore full operational capacity across all tenant-facing systems.