In February 2023, Lagan SCG – a Belfast headquartered construction business – experienced a data breach following a cyberattack.
This page explains how the data breach happened, the facts of the case, and the consequences for the affected victims.
In 2023, Lagan Specialist Contracting Group, a construction business headquartered in Belfast, experienced a data breach. According to media reports, the company – which is one of the largest in the North – was targeted by the LockBit group, the same ransomware group that attacked Royal Mail in February.
A significant amount of sensitive and confidential employee data was compromised because of the hack.
While Lagan SCG was able to trade as usual following the ransomware attack, the business was reportedly given a deadline to pay a six-figure ransom or face sensitive data being published or sold online. We can assume that this ransom was not paid as Lagan SCG employee data was later found on the dark web.
Lagan SCG operates several sites across Ireland, Britain, the USA, and Dubai. The group’s companies include H&J Martin, FK Lowry, Charles Brand and Rosemount Homes. So, a significant number of employees could have been affected by this breach.
Lagan SCG wrote to affected individuals to inform them that their data has been breached. In this letter, Lagan SCG accepted that some of the stolen data was considered sensitive and could be used to commit fraud.
The company experienced a ransomware attack.
The following data was found online:
Commenting on the breach, a spokesperson for Lagan SCG said:
“The company has experienced a recent cyber incident. We have concluded our investigation, engaged with the relevant authorities and kept employees and clients aware of matters.
“Our businesses continue to trade as normal. Events of this nature are unfortunately increasingly common. We will continue to implement robust security controls to further ensure the safety of our systems”.
The company wrote to affected individuals to inform them that their data has been breached.