Large infrastructure company suffers data breach

The large infrastructure management company Amey has recently been attacked with a sophisticated ransomware attack. Amey Plc is one of the largest British companies within the public and regulated sectors. They manage some of the UK’s critical infrastructure - services such as rail and power networks

According to Security Report, Amey became aware of this attack around December 15th or 16th and since then they have had confidential data leaked online. This data included contracts, financial documents like bank statements and loan records, confidential partnership agreements, NDAs, government correspondence, passports, driving licenses and other employee records alongside technical blueprints, like those of Manchester Metrolink railways. This is quite a severe breach and we are expecting to hear more about it as investigations continue.

An Amey spokesperson has been quoted as saying “Amey has comprehensive tracking software and virus mitigation strategies meaning the incident was caught early. We have been working with world-leading cyber-security experts throughout this incident and continue to work with clients to keep any disruption to a minimum,”

Although specific details on how this attack was propagated are not yet known, it is well documented that most ransomware attacks utilise phishing as their initial entry point, so this seems like the most likely explanation.


Incidents of this nature shine a light on the fact that even with sophisticated tools and technologies in place to prevent such attacks, employee education is imperative when building a security environment capable of dealing with the sort of attacks that are happening every day now.


We at GB3 believe that the regular education of all staff in Cyber and Information Security is a vitally important tool when it comes to protecting your business. That’s why we offer a Cyber Security & Compliance Platform as a fully managed service that includes, engaging and test based eLearning, Policy deployment, simulated phishing attacks and even incident management. Our eLearning curriculum is designed to provide your staff with monthly essential information security and data protection training, covering subjects such as Phishing, Ransomware, GDPR and much more.

Contact us today for a tailored demonstration and find out about our proven delivery model for getting you up and running.

218 views0 comments