The personal information of employees at 280 UK businesses may have been compromised following a data security incident at Sage.

As one of Britain’s largest technology companies, Sage supplies accounting and payroll software to companies in 23 countries. However, the event in this case reportedly involves UK companies only.

Sage is investigating the unauthorised access to customer information, which is understood to have occurred using an internal computer login. It is not yet clear whether data was stolen or only viewed. The exact date that the data was accessed is also currently unknown.

Sage has notified the businesses whose data was involved and advised them to look out for any unusual activity. The police are currently investigating the breach, and the Information Commissioner's Office (ICO) has been informed.

The way organisations process personal data is governed by the Data Protection Act 1998 (DPA). The purpose of the DPA is to protect an individual’s fundamental right to the protection of personal data. Organisations have a legal duty imposed by the DPA to take appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and also against accidental loss or destruction of, or damage to, personal data.

If you have concerns relating to privacy, breach of confidence or data protection law and you would like to discuss your legal rights, Oratto can help connect you with the right lawyer. 


Contact Oratto on 0845 3883765 to speak with an adviser or use our contact form to arrange a call-back.