Cyber Incident Victim: 51Degrees
Date: May 2016
Location: United Kingdom
Summary
A UK-based mobile device detection firm serving major corporate clients was briefly compromised via an unidentified exploit, resulting in unauthorized access to its systems. The company asserted that no personal data, payment details, or contact information was exposed during the incident. Immediate remediation included closing the vulnerability and implementing unspecified additional security measures to prevent recurrence. Authorities were notified, with relevant evidence provided to cybercrime units. The breach remained isolated with no public disclosures or subsequent activity observed following the attack.
Description
On May 8, 2016, between 5:21am and 5:40am GMT, British mobile device detection firm 51Degrees suffered a cyber attack targeting its website. The Reading-based company, whose clients included Unilever, T-Mobile, IBM, Microsoft, Hyundai, Deloitte, and Heineken, detected unauthorized access lasting approximately 20 minutes. Founder James Rosewell notified customers via letter that the breach occurred during this narrow timeframe but emphasized no evidence suggested compromise of personal information, payment details, email addresses, or contact names. The company did not disclose technical specifics regarding the exploited vulnerability or which internal systems were accessed by the attacker. Immediate containment actions included closing the specific exploit pathway used in the intrusion to prevent recurrence.

51Degrees implemented unspecified additional security measures following the incident to harden its website defenses. The company engaged with UK authorities by reporting the breach to the Cyber Crime Action Fraud unit and submitting relevant forensic evidence. No public statements described operational disruptions to client services or financial impacts stemming from the attack. Minimal public discussion or social media activity occurred regarding the breach, with no subsequent disclosures about attacker identity or motives. The incident remained confined to the 20-minute window with no indication of data exfiltration or secondary exploitation based on available evidence.
