The global online identity management company OneLogin has reported that they have been the victims of a security breach. On the 31st of May 2017 OneLogin released a statement saying:
"Today we detected unauthorized access to OneLogin data in our US data region. We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident. We want our customers to know that the trust they have placed in us is paramount."
All impacted users should have received an email from OneLogin detailing the steps that they should take to secure their accounts and associated passwords.
This is the type of incident that will have to be reported by any and all UK businesses after GDPR regulations come into effect in May 2018. It also shows that EVERYONE is susceptible and that no company can claim to be immune from this type of incident.
The message here for me is to have a plan in place in case this happens to you.... and if you have a OneLogin account, you should have already reset your passwords including any that have been re-used.
Please contact Cactus IT if you have a business in the North of England and would like some help assessing your corporate data security needs.