Nixon Williams in Dec 2022 informs customers about cyber attack in Jan 2022
Had this from them. Months after asking if I was affected.
I am writing to you about a cyber security incident that affected Nixon Williams Limited earlier this year.
The reason I am writing to you now is that we believe that during the incident personal information belonging to you was copied from our systems by an unauthorised third party and subsequently published online.
I want to sincerely apologise for this. In this letter I’ve sought to explain the incident, detail the information involved, provide you with some guidance and outline the steps that have been taken in response.
What happened?
In January, Optionis (the parent company) became aware of a security issue in which a cyber criminal group accessed our IT systems and copied data which they subsequently published on the dark web. We immediately took steps to address the issue, including working with third-party IT cyber security experts to investigate, manage and resolve the incident.
Regrettably, the process of identifying the information that was copied from our systems and published online has taken several months. I am very sorry that it has taken some time to notify you. We worked with highly experienced IT security experts and drafted in a large team of people to carry out the work of analysing the affected data to accurately, and as quickly as reasonably possible, assess the impact on individuals.
What information about you was affected?
We have identified evidence that data copied from our systems relating to you includes:
Name
Address
Date of birth
NI number
What should you do next?
GENERAL
Given the nature of this information, we wanted to let you know about the incident and share some guidance on what you should do next. We recommend that you exercise increased vigilance in all matters relating to your personal details.
In particular, it is good practice to:
We are offering those affected 12 months of credit and identity monitoring at no cost through Experian Identity Plus, the UK’s leading credit monitoring service. The monitoring is purely precautionary but helps detect possible misuse of your personal data and you will be able to receive regular alerts to notify you if there are significant changes on your credit report. The details on how to register for this service are at the bottom of this letter.
Our response and next steps
We take data security very seriously and we are deeply sorry for the inconvenience this incident may have caused. We have responded by taking the following measures:
No organisation can completely eliminate the threat posed by cyber criminals, however, we are committed to learning the lessons from this incident.
We appreciate that you may have some questions once you have had time to read the above. If you would like more information, please call our dedicated assistance line (managed for us by Experian) on 0800 881 5181, Monday to Friday, anytime between 8 am and 6 pm (GMT).
Yours sincerely,
Doug Crawford
CEO, Nixon Williams Limited
Your Complimentary Experian Identity Plus membership
To help you to monitor your personal information for certain signs of potential identity theft, we are offering you a complimentary 12-month membership to Identity Plus. This service helps detect possible misuse of your personal data and provides you with identity monitoring support, focussed on the identification and resolution of identity theft.
The reason I am writing to you now is that we believe that during the incident personal information belonging to you was copied from our systems by an unauthorised third party and subsequently published online.
I want to sincerely apologise for this. In this letter I’ve sought to explain the incident, detail the information involved, provide you with some guidance and outline the steps that have been taken in response.
What happened?
In January, Optionis (the parent company) became aware of a security issue in which a cyber criminal group accessed our IT systems and copied data which they subsequently published on the dark web. We immediately took steps to address the issue, including working with third-party IT cyber security experts to investigate, manage and resolve the incident.
Regrettably, the process of identifying the information that was copied from our systems and published online has taken several months. I am very sorry that it has taken some time to notify you. We worked with highly experienced IT security experts and drafted in a large team of people to carry out the work of analysing the affected data to accurately, and as quickly as reasonably possible, assess the impact on individuals.
What information about you was affected?
We have identified evidence that data copied from our systems relating to you includes:
Name
Address
Date of birth
NI number
What should you do next?
GENERAL
Given the nature of this information, we wanted to let you know about the incident and share some guidance on what you should do next. We recommend that you exercise increased vigilance in all matters relating to your personal details.
In particular, it is good practice to:
- Check that all details for direct debits are up to date, and delete any that are no longer needed;
- Check bank accounts regularly, and contact the bank if you see any transactions you do not recognise;
- Be suspicious if anyone contacts you by email, phone call or text message asking you to confirm your direct debit details; and
- Enable two-step authentication on all your online services.
We are offering those affected 12 months of credit and identity monitoring at no cost through Experian Identity Plus, the UK’s leading credit monitoring service. The monitoring is purely precautionary but helps detect possible misuse of your personal data and you will be able to receive regular alerts to notify you if there are significant changes on your credit report. The details on how to register for this service are at the bottom of this letter.
Our response and next steps
We take data security very seriously and we are deeply sorry for the inconvenience this incident may have caused. We have responded by taking the following measures:
- We launched an investigation led by expert cyber forensic specialists – who also advised us on steps we can take to improve our cyber security.
- We reported the incident to the relevant organisations, including the police and the Information Commissioner’s Office (ICO).
- We have further strengthened our cyber defences by enhancing existing systems and deploying more advanced threat protection measures, including a specialist security monitoring tool.
No organisation can completely eliminate the threat posed by cyber criminals, however, we are committed to learning the lessons from this incident.
We appreciate that you may have some questions once you have had time to read the above. If you would like more information, please call our dedicated assistance line (managed for us by Experian) on 0800 881 5181, Monday to Friday, anytime between 8 am and 6 pm (GMT).
Yours sincerely,
Doug Crawford
CEO, Nixon Williams Limited
Your Complimentary Experian Identity Plus membership
To help you to monitor your personal information for certain signs of potential identity theft, we are offering you a complimentary 12-month membership to Identity Plus. This service helps detect possible misuse of your personal data and provides you with identity monitoring support, focussed on the identification and resolution of identity theft.
Comment