Sodexo Data Breach

Posted by ep273 at Oct 16, 2018 12:20 PM |
Please read this important information regarding a recent data breach.

If you are registered with Sodexo on any of their platforms (lifestyle, Childcare and Cycle2Work) they have now confirmed that there has been a data breach.  You should have received an e-mail from them on either Friday 12 October or Tuesday 16 October, explaining this which includes an update on their investigations and consequences of the breach.  Sodexo have reported this breach to the Office of the Information Commissioner (ICO) and have informed us that at this time they believe that the information that has been breached includes name, email and home addresses.

We would like to assure you that we are in regular contact with Sodexo and we are monitoring the situation very closely to inform any future decisions we make.  The following immediate actions have been taken by the University:

•      We will not be informing Sodexo of our new starters, therefore effectively the benefits portal is closed to new starters

•      We have instructed Sodexo not to move any of our existing staffs’ data onto their new platforms

•      We have requested that Sodexo keep our registered employees informed of developments

The information breached has already been used to send convincing looking phishing e-mails to staff across many organisations who had registered with Sodexo. The e-mails sent so far have been fake “shipping notification/confirmation” messages which contain both name and home address and include a link within the message. Clicking on the link will attempt to download malicious code to the computer the e-mail is read on. It is extremely likely further phishing e-mails will be sent. These may be slightly different but are likely to include the same personal information (name, home address) to make them appear to be authentic.

Please be vigilant and if you receive these or any other similar e-mail messages to your work or personal addresses, delete them immediately. Do not click on the link within the message itself. Our IT Services department has blocked access to the link in the email from the campus network. However, it will still be available if you are accessing it from a mobile network, the cloud wireless (even on campus) or any other network such as your home broadband.

If you have clicked on the link from any device, including personal devices, you must contact the IT Service Desk as soon as possible by phone, extension 2253 so that they can advise.

Share this page: