London, United Kingdom

The organisation is headquartered in the United Kingdom and maintains operations that extend into Hungary, as evidenced by the phishing attack that specifically targeted its Hungarian business unit in January 2024. That incident resulted in a financial loss of approximately €15.5 million, although the company confirmed that no customer, supplier, or employee data was compromised and noted that it retained robust liquidity exceeding €400 million while continuing to generate strong operational cash flow. In response, the organisation immediately reinforced its IT and financial controls across all operations and launched a comprehensive review of systems and processes to improve future security resilience.

In March 2022 the organisation experienced a separate cyber incident involving its recruitment function, where a supply chain attack on a third‑party‑managed recruitment system led to the compromise of personal data belonging to 124 new recruits, including names, birthdates, addresses, qualifications, employment history and family information. The stolen data was subsequently offered for sale on the dark web, prompting the organisation to take its recruitment portal offline for more than a month while an urgent security review was undertaken. Analysis indicated that the attackers likely exploited weak or stolen credentials through phishing, characterising the breach as low‑sophistication but underscoring the growing risk posed by supply chain vulnerabilities. The Information Commissioner’s Office assessed the incident and determined that no further regulatory action was required.

These two events illustrate that the organisation operates in environments where both financial and personnel data are attractive targets, prompting it to adopt heightened security measures and continual process evaluations. The organisation’s ability to sustain liquidity above €400 million and maintain operational cash flow despite the financial impact of the phishing attack reflects a solid economic base that supports ongoing investment in cybersecurity improvements. Its headquarters in the United Kingdom and its involvement in cross‑border operations, including Hungarian activities and defence‑related recruitment systems, suggest a diversified operational footprint that necessitates coordinated security strategies across multiple jurisdictions and business lines. The organisation continues to monitor threats and refine its controls to protect its assets and the information entrusted to it by stakeholders.