Cyber Incident Update

This notice is about a recent cyber security incident that affected our organisation. This notice explains what happened, what information may be involved, and the steps we are taking to protect everyone impacted.​

​

The Cyber Incident

on Monday 24 November 2025 we were the subject of an illegal “Ransomware” incident whereby threat actors unlawfully accessed and encrypted our systems.

​

Thankfully, our cyber forensics experts, Zensec, have now restored our systems safely from data back-ups, and are working to clean all our devices.

​

Thank you for your great patience and assistance during this. Please continue to follow all of Zensec’s advice on using the network and systems for the time being.

​

Personal Data Breach

Zensec are still working to clarify exactly what company information and personal data has been taken and we will update this notice when we know more. However, it is likely that the threat actors managed to take a broad range of company data from our servers and, as a result, it is prudent to assume that some personal data may have been affected.

​

What does this mean for you?

The threat actors may seek to misuse any personal data taken for fraud. In some cases, threat actors also post samples of stolen data on the “Dark Web” as proof. This has not happened yet, and the “Dark Web” is not accessible to typical internet users. Zensec is monitoring this. If any personal data is published on public websites, we have specialist legal counsel advising on any steps we can take to prevent this. We are doing everything we can do mitigate any impact. As well as Zensec securing the system swiftly to prevent further harm, our lawyers are also working to minimise any risk.

​

What Personal Data is affected

It is not certain exactly what data and/or information has been taken.

​

As an employer, we hold various items of personal data for past and existing employees and workers, as you would expect, including: Name, address, contact details, identity documents, salary and bank information, pension information, and other HR information. Staff may also have stored items of personal data on our systems yourself.

​

At this stage it is not possible to say what has or has not been affected. However, as a best precaution we recommend reading the following carefully and take action where necessary:

​

• Monitor your Credit Report for unusual activity: Many people can now see parts of their credit report for free via their banking apps.

• Read the official guidance: The National Cyber Security Centre and the Police (Action Fraud) both publish expert guidance on what steps you can take to protect yourself:
  https://www.ncsc.gov.uk/guidance/data-breaches
  https://www.reportfraud.police.uk/individual-protection/

• Be vigilant: Please watch out for any suspicious or unexpected emails, calls, or messages. Criminals may try to use personal data to send “phishing” messages. These are messages designed to sound legitimate, to cause the recipient to click on a malicious link or attachment. Be cautious over any emails or messages that contain links or attachments and remember to carefully check the sender of those messages before clicking. Do not give out personal information unless you are sure who you are speaking to. If in doubt, hang up and find genuine contact details by searching for the company’s website (do not rely on a web address the caller gives you).

• Protect your Bank Details: Criminals may try to use personal information to trick you into giving them further financial information. They might try to contact you posing as your bank for example. Please regularly check your bank statements and accounts for payments you do not recognise. If you have any suspicions, or receive suspicious calls or messages, contact your bank immediately using authentic and verified contact details. Banks will never call you unexpectedly.

• Use Strong Passwords: And change them regularly. Strong passwords should be fourteen or more characters, and a combination of upper and lower case letters, numbers, and symbols. Use pass phrases (3 random words together) and, if possible, a password manager such as Apple’s Passwords or Norton etc. Do not re-use old passwords. Do not use the same password for multiple sites. Do not use personal information as your password even in combinations (name and date of birth for example).

• Use Multi-Factor Authentication (MFA): Many apps now support “MFA”. This is where you enter a password, and you are also sent a code by SMS or email to further verify your identity. Do not give these codes to any person who requests them, only use them yourself to log-in directly.

​​

What Comes Next

We have notified the Information Commissioner’s Office of the Data Breach, as we are required to do. We have also reported the breach to the Police (Action Fraud). More generally Zensec are hard at work improving and securing our systems for the future, and we will be considering any improvements to our cyber security that they recommend.

​

If you have any questions about the cyber incident or your personal data concerns please do contact:

​

Jack Newmier – Data Protection Officer & Business Development Manager

Ellen Davenport – HR & Operations Director

Steve Davenport – Managing Director

​

We are very sorry that the actions of these criminals may have affected you personally as well as the company. We take security seriously and had a number of cybersecurity products in place, as well as a managed service by an external firm who were also upgrading our protection even further at the time of the attack. Sadly, these attacks are becoming more common, as you can see from the news, affecting companies large and small equally.

​

We are working as quickly as we can to investigate these matters, although they are complex and the criminals try to cover their tracks.