24 November 2020

Information for CHS customers in homes receiving Gasway services

One of our contractors, Gasway Services Ltd, has informed us that they and their parent company, Flagship Group, suffered a cybercrime incident on 1 November.

Who is affected?

Gasway Services Ltd have advised that to date, there is no evidence that any CHS customer data has been compromised or accessed.  Gasway Services Ltd’s latest statement of 24 November can be found at the end of this notice.

CHS shares only the contact details (names, addresses, phone number/email addresses) of relevant customers with Gasway Services Ltd so that they can deliver the appropriate services to you – as outlined in our privacy notice.  Please be assured, Gasway Services Ltd do not hold sensitive data or financial details of any CHS customers.  

Is the issue contained?

Following discovery of the incident, Gasway Services Ltd and Flagship Group have taken the following actions:

  • reported the crime to the police, to Action Fraud, and to the Regulator of Social Housing
  • taken advice from the National Cybersecurity Centre, and National Crime Agency
  • been in regular contact with the Information Commissioner’s Office
  • carried out forensic investigation of the incident, through an independent leading cybersecurity consultancy
  • kept CHS updated with progress of their investigations.

What are the next steps?

CHS will continue to liaise with Gasway Services Ltd to check for any updates on their 24 November statement.

Please remain cautious of emails or phone calls, even if they appear to come from someone you know:

  • Avoid clicking on emailed links or attachments, particularly if you were not expecting them – if in any doubt, delete the email
  • Put the phone down on calls if you are unsure about the caller.

We will post any further updates on our website.

Updated statement from Gasway Services Ltd/Flagship Group, 24 November 2020

“On Sunday 1 November 2020, we were subject to a cyberattack and we have been advised by our cybersecurity specialists, that it was caused by ransomware, known as Sodinokibi. As part of our controlled response, we took most of our IT systems offline and in the short term the attack limited us to emergency operations.

However, we are now in a stage of carefully controlled recovery and our teams have safely and securely rebuilt our essential systems. With each system, we are making sure it is safe to bring back online and therefore some systems are yet to be restored. We hope to see things back to normal very soon.

Since discovering the cyberattack, we have carried out an investigation with internal and external specialists, and to date, there is no evidence of customer or staff data being stolen.

The investigation is still ongoing, and we will release a further statement following its conclusion.”