The ICO’s message comes after the ICO issued a £4.4m fine to a Berkshire based construction company, after an employee forwarded a phishing email (that was not quarantined or blocked by the IT system) to another employee who opened it and downloaded its content, resulting in installation of malware onto the employee’s workstation.
Whilst the firm’s anti-virus software quarantined the malware and sent an alert, the firm failed to thoroughly investigate the suspicious activity meaning the attacker still had access to the company’s systems. As a result, personal data of up to 113,000 individuals was encrypted by the hacker.
Lessons learned from this case include:
The increase in the cost of living is likely to result in an increase in phishing attempts, so firms and advisers should remain vigilant. Click here to read the National Cyber Security Centre guidance on how to defend your organisation against phishing attacks.
© 2025 Association of Mortgage Intermediaries Limited.
AMI is the trading name of The Association of Mortgage Intermediaries Limited which is a company limited by guarantee, registered in England and Wales under the Companies Acts with number 7982341. Our registered address is Celixir House, Stratford Business & Technology Park, Innovation Way, Banbury Road, Stratford-upon-Avon, Warwickshire, CV37 7GZ.
Please note that we are a trade body and, as such, we do not provide mortgage advice to individuals. If you require mortgage advice, please contact an FCA certified mortgage broker who will be able to discuss your needs and advise you fully of your options.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |