Firms are required by law to report breaches within 72 hours

The Information Commissioner’s Office (ICO) is assessing information provided to it by Ardonagh after the broker was hit by a cyber attack last week.

The breach - described by The Register as a ransomware attack - was announced by Ardonagh on 30 September. The incident ”caused disruption across a limited part of the Ardonagh Group estate”, the company said last week.

Businesses affected by cyber attacks are required to notify the ICO within 72 hours when there has been a data breach. In serious cases, those affected must be contacted also.

Ardonagh said the incident was identified as a result of the routine comprehensive monitoring it has in place.

”We immediately took all necessary action including taking impacted systems offline and have implemented our business continuity plans in the impacted business units, to minimise disruption to our customers, Ardonagh continued. 

”We are working with third-party forensic and IT experts to manage the situation and are in the process of carrying out remedial action.”