It has assured customers the attack was concentrated on one staff email account and any information stolen cannot be used in isolation. No customer accounts were affected.
The phishing attack on the staff email account aroused suspicion when log-in attempts were made to the account from seven suspicious countries.
The account was immediately locked down and the credentials changed, a forensic investigation was carried out and it was discovered that some internal emails had been viewed by the attacker.
Sure's chief security officer Tim Stonebridge said they were taking the matter seriously.
'Sure has been targeted by a phishing attack, which has resulted in the disclosure of fewer than 400 suppliers’, employees’ and former employees’ data across the three islands of Guernsey, Jersey and the Isle of Man,' he said.
'The data was limited in nature and no existing customers’ data has been compromised.'
Sure said contacting those affected has been their priority since the breach. It has now informed all those involved and offered relevant advice, as well as making the data protection authorities in each island aware.
'The loss of data was the result of human error and only affected one staff email account, which our systems identified and subsequently shut down,' Mr Stonebridge said.
'The attack was contained and Sure’s systems were never compromised. While the data that has been stolen cannot be used in isolation, we have advised those affected to be extra vigilant.'
He said security was of paramount importance to Sure.
'Our employees undergo regular cybersecurity training,' he said.
'We are constantly reviewing our training programmes and will use this example to inform future learning.'
You need to be logged in to comment. If you had an account on our previous site, you can migrate your old account and comment profile to this site by visiting this page and entering the email address for your old account. We'll then send you an email with a link to follow to complete the process.