Listed City firm Gateley has admitted that client data has been stolen after a cyber security attack on its IT system.
In a statement to the London Stock Exchange this afternoon, the firm said it was managing a cyber security incident after discovering an intrusion into its system. The company said the attack was quickly identified by its IT team and it acted immediately to secure its systems.
Investigations will continue over the next few days, but it has been confirmed that around 0.2% of its data has been stolen, which Gateley says has been traced quickly and deleted from the location to which it was downloaded.
The board said the attack had not affected financial performance, but the market reacted swiftly, with almost 8% wiped off the share value within an hour of the statement.
There is no evidence to suggest that this information has been further disseminated, but the impacted data did include some client data. When investigations are further progressed, Gateley will notify those affected.
The company has already reported the incident to the relevant regulators and law enforcement agencies, as well as the Information Commissioner’s Office.
Rod Waldie, Gateley chief executive, said: ‘IT security is of paramount importance to Gateley and we had carefully planned for the occurrence of risk that a cyber breach could have on the business. Incidents of this nature are, sadly, prevalent. I am grateful that the prompt actions of our IT team have limited the impact of this incident and enabled us to resume our business operations swiftly.
‘We are continuing to work with specialist cyber security professionals to investigate the incident and identify any parties that may have been affected and we will, of course, contact anyone affected in due course. In the meantime, we are restoring all of our systems in a safe and secure manner as quickly as possible and do not expect at this stage any significant disruption to our day-to-day activities or financial performance.’
The company took some of its systems offline while it undertook enquiries, supported by a professional cyber security team, and has ‘carefully but rapidly’ re-established its core systems to enable staff to continue to work and communicate with clients.