Amey PLC

Amey PLC is a United Kingdom-based infrastructure management firm whose core services include bin collections and street cleaning, operating within the essential public services sector. The company manages waste and sanitation functions for communities, focusing on the logistical and administrative oversight of these municipal operations. Its work represents a significant component of local government service delivery in the UK, though the precise geographic extent of its operations is not specified in available records. As an infrastructure management entity, Amey handles the day-to-day execution of public hygiene and urban maintenance tasks, which constitute its primary business activities.

In December 2020, Amey was the target of a major cyber attack attributed to the Mount Locker ransomware group. The incident involved the exfiltration and public leakage of 143 gigabytes of sensitive data, including contracts, passport copies, and financial details, alongside a $2 billion ransom demand. The Conti threat group, while not directly responsible for the breach, actively promoted the stolen information, suggesting collaboration or opportunistic exploitation among multiple ransomware ecosystems. Evidence indicates at least three distinct threat actors participated in the attack or its aftermath, a factor that heightened the risk of persistent data exposure and undermined typical assurances of data destruction. This multi-actor involvement amplified the potential for misuse of the compromised personal, financial, and commercial records, exposing significant vulnerabilities in the data security of critical infrastructure service providers. The scale of the data leak and the unprecedented ransom amount distinguished this breach as a severe event within the cybersecurity context of UK public sector contractors.