Lagan SCG data breach


In February 2023, Lagan SCG – a Belfast-headquartered construction business – experienced a data breach following a cyberattack.

This page explains how the data breach happened, the facts of the case, and the consequences for the affected victims.  

What happened in the Lagan Specialist Contracting Group (SCG) data breach?

In 2023, Lagan Specialist Contracting Group, a construction business headquartered in Belfast, experienced a data breach. According to media reports, the company – which is one of the largest in the North – was targeted by the LockBit group, the same ransomware group that attacked Royal Mail in February.  

A significant amount of sensitive and confidential employee data was compromised because of the hack.  

While Lagan SCG was able to trade as usual following the ransomware attack, the business was reportedly given a deadline to pay a six-figure ransom or face sensitive data being published or sold online. We can assume that this ransom was not paid as Lagan SCG employee data was later found on the dark web.  

Lagan SCG operates several sites across Ireland, Britain, the USA, and Dubai. The group’s companies include H&J Martin, FK Lowry, Charles Brand and Rosemount Homes. So, a significant number of employees could have been affected by this breach.

The stolen data found online included:

Lagan SCG wrote to affected individuals to inform them that their data had been breached. In this letter, Lagan SCG accepted that some of the stolen data was considered sensitive and could be used to commit fraud.

Lagan SCG data breach timeline

  • 13 February 2023
    The Lagan SCG attack is announced on the dark web. The business is given a deadline of February 28 to pay up or face potentially sensitive data being published online or sold on to third parties.
  • May 2023
    We discover Lagan SCG employee data on the dark web and launch an investigation into this data breach.

Your questions answered

FAQs about the Lagan SCG data breach

The company experienced a ransomware attack. 

The following data was found online:  

  • Names, addresses, email addresses and dates of birth   
  • NI Numbers  
  • Passport Numbers   
  • Name of pension scheme    
  • Bank details (name, address, sort code and account number)  
  • Emergency contact name, address and relationships   
  • Information about salary, including monthly/weekly paid amounts and bonus amounts paid  
  • Details of any payments of government support during COVID.

Commenting on the breach, a spokesperson for Lagan SCG said: 

“The company has experienced a recent cyber incident. We have concluded our investigation, engaged with the relevant authorities and kept employees and clients aware of matters.  

“Our businesses continue to trade as normal. Events of this nature are unfortunately increasingly common. We will continue to implement robust security controls to further ensure the safety of our systems”. 

The company wrote to affected individuals to inform them that their data had been breached.