The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Amey IT Security Attack Still Unresolved

Amey IT Security Attack Still Unresolved
26 January 2021

A “complex IT security incident” of Amey’s systems in December 2020 remains unresolved, meaning parts of their system are still offline.

As stated on, certain garden waste collection customers are unable to make payments due to this issue. This includes residents of Surrey Heath and Woking, but bin collections are continuing as normal.

Amey is one of the top five support services suppliers in the UK, employing 16,000 people, and is responsible for managing the UK’s defence estate,  as well as delivering other utilities services.


Mount Locker Ransomware Group 


As published by Security Report, the attack was orchestrated by ransomware group Mount Locker. Leaked documents present in the dump published by Mount Locker includes: contracts, financial documents ,NDAs, correspondence between Amey and government departments, scans of passports, driving licenses, and identity documents of company employees and directors and financial reports.

Security Report confirmed on 3 Jan 2020 that the total stolen data is about 143 GB in size, of which 50 per cent has now been published on their leak site.


No Residential Data at Risk?


A spokesperson for Amey told ThisWeekinFM:

“Late last year, Amey became aware of a complex IT security incident and based on our investigations to date, a portion of our data was compromised. We have reported the incident to the Information Commissioner’s Office, the National Cyber Security Centre and the National Crime Agency.

“We continue to work with world-leading cyber-security experts to manage and assess the impact of this incident and are liaising with clients to keep any disruption to a minimum.”

According to Amey, “based on investigations to date, there is no evidence to suggest that any resident personal data has been impacted by the incident.”

Picture: a graphic of some padlocks

Article written by Ella Tansley | Published 26 January 2021


Related Tags

Related Articles

Reported Ransomware Incidents in UK Doubled in 2023

A Freedom of Information request has revealed that there was a resurgence in ransomware-related incidents following a quieter 2022.   In the first six months...

 Read Full Article
Amey Trials Data Capture Robots Across Education Portfolio

Amey’s facilities management business has collaborated with Trimble, to trial the use of robotic technology as a means of capturing usable data across its education...

 Read Full Article
Spotlight Interview – Francis West | Security Everywhere

Francis West is CEO of Security Everywhere, a company which helps SMEs to secure their money, data and reputation with managed security services. Francis is a trusted...

 Read Full Article
Interserve Fined £4.4m for Failure to Keep Staff Details Secure

The UK’s IT security watchdog has fined Interserve for breaching data protection law and failing to prevent a cyber attack. The Information Commissioner’s...

 Read Full Article
How to Identify and Address IoT Security Weaknesses

Data-driven facilities management is now the expected norm, but security concerns about IoT systems still remain amongst FMs and tenants. The Internet of Things (IoT)...

 Read Full Article
NHS IT Services Supplier Victim of Ransomware Attack

It has been confirmed that a ransomware attack is causing a major outage for NHS IT systems. Services affected include software used by NHS 111 and other patient notes...

 Read Full Article
Smart Buildings at Increased Risk of Cyber Attacks, Says Verdantix

The operational technology that powers connected devices across building systems is providing more entry points for cyber criminals to exploit, says research and advisory...

 Read Full Article
BESA Tightens Security After Fraud Incident

The Building Engineering Services Association (BESA) says it has carried out a thorough review of the security procedures behind its online training schemes...

 Read Full Article
Critical Log4j Vulnerabilities Affect Real Estate Software

Critical vulnerabilities in open-source software pose potential risks for a wide range of businesses, governments and individuals. Log4shell, the vulnerability...

 Read Full Article
Amey Raises Over £300K for Armed Forces Charity 

Amey’s Secure Infrastructure business, a provider of critical facilities services for the public sector and UK Defence, has raised over £300,000 for...

 Read Full Article