Police arrest Sage employee at airport on fraud charges

The City of London Police arrested a Sage employee on Wednesday on suspicion of fraud.

Police arrested the 32-year-old woman at Heathrow airport on Wednesday, almost a week after the company reported that a data breach could have affected as many as 300 UK companies.

“The woman was arrested in connection with an alleged fraud against the company Sage. She has since been bailed,” the City of London Police said on Thursday.

Last week Sage warned customers that someone had gained unauthorised access to customer data using an internal login, though it was not clear whether the breach was carried out by an employee or by an outsider using employee login details.

The breach may have exposed personal and financial information on employees of the affected firms.

“We continue to work closely with the authorities to investigate the situation,” Sage said after the arrest.

Sage has several million customers around the world, including in Australia, and is a major software supplier to UK businesses. The company said the incident does not affect any customers outside of the UK.

Insider threats are not new to the enterprise; however, detection based on deviations from normal employee behaviour is tricky, in part due to the breadth of possible motivations.

An analysis by the UK’s Centre for the Protection of National Infrastructure (CPNI) of 120 UK-based insider cases between 2007 and 2012 found that 82 percent of incidents were carried out by males, and 18 percent by females. Nearly all perpetrators were permanent staff, while 60 percent of cases involved staff who had worked for the organisation for under five years.

CPNI's study identified financial gain as the leading motivation for insider jobs, followed by ideology, desire for recognition, and loyalties to entities outside the organisation. Just six percent were motivated by revenge, though CPNI noted that malicious insiders often cited multiple motivations.

Verizon noted in its 2016 data breach report that inside jobs took the longest of all classes of breach to detect. Insiders most commonly abused privileged access to gain information for unsanctioned uses. Previous years’ reports have found that most insider threats used the local area network to inappropriately access data.


Stories by Liam Tung
