In July 2022, Mainspring wrote to clients to alert them to a data breach. The security failure happened when hackers gained access to Mainstream’s systems and data and carried out a ransomware attack.
In 2022, Mainspring, which provides fund administration and accounting services, experienced a severe data breach. The company, which serves 80 fund managers and manages over £8 billion in assets, contacted its clients to let them know about the privacy violation. This email was sent on 19 July.
The information potentially exposed in the Mainspring attack included:
This information related to investors and fund managers, although not all the information applies to each group. People who had previously had a relationship with Mainspring may also have been affected.
Mainspring contacted those affected by this breach.
While Mainspring said that the breach did not affect client money, and that there was no evidence of an attempt to access bank accounts, it simply could not be sure that the stolen data would not be used maliciously.
Mainspring did acknowledge that those affected should be “extra vigilant for suspicious emails and potential phishing attempts”. It also warned those people it held bank details on to monitor their account(s) for any unusual activity.
Similar data breaches have resulted in fraud, blackmail, and identity theft, so investors and fund managers were at high risk of being targeted by cybercriminals.
See our answers to the FAQs we got asked about the Mainspring Data Breach.
In July 2022, Mainspring experienced a ransomware cyberattack. Mainspring investigated the incident and discovered that some personal data had been accessed. This information relates to investors and fund managers.
The information potentially exposed in this attack included:
If you were affected by the data breach, Mainspring should have been in touch to notify you.
Mainspring did not engage with the perpetrators or pay the ransom demanded. Mainspring did file an incident report with the ICO on Thursday 14 July 2022. It also reported the incident to Action Fraud.
Our action is now closed. So you cannot make a claim with Keller Postman UK.