On Sunday 1 November 2020, a major IT incident occurred, taking most of our Group systems offline, and limiting some of our services. On discovering this, as a precautionary measure, we immediately took all our systems offline to prevent the issue spreading further across our network.

Whilst the investigation is still ongoing by internal and external specialists, we can confirm that the incident was caused by ransomware, known as Sodinokibi via a suspected phishing attack.

We have continued to proactively take steps to contain the spread of the ransomware, which have been successful. However, we can confirm that despite our quick action, there has been some data encryption, and that some personal customer and staff data has been compromised, but we do not yet have a complete picture of all the data that has been encrypted.

Having completed the containment stage of our remediation process, detailed forensic analysis is fully underway, and we are now working towards recovery of all our systems. We have been able to restore several internal systems and are now working towards resuming normal operations as quickly as possible.

David McQuade, Chief Executive of Flagship Group said: “We take the privacy and security of our customers and partners data very seriously, and we’re very sorry that this has been compromised. Over the last few days, the incident has caused considerable disruption to our staff and customer services, and we are concentrating on emergency situations, to ensure our customers are safe. Our teams are working tirelessly around the clock to bring our systems back online, and we apologise for any inconvenience this may have caused.

“We have implemented further security measures to help prevent similar issues but as you are aware this is an ongoing world-wide issue that we all face and have to be prepared for – we welcome a broader discussion with our stakeholders in the future to share our experience to help tackle cybercrime.”

Flagship has reported the crime to the Police who are conducting their own investigations. The Group has also notified the Information Commissioner's Office (ICO), Action Fraud and the Regulator of Social Housing, and sought from the National Cybersecurity Centre and National Crime Agency.