View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 10, 2023

Morgan Advanced Materials hit by cyberattack, customers left in the dark

Very little information has been published on the cyberattack which has been described as a "data security incident".

By Ryan Morrison

British manufacturing company Morgan Advanced Materials has been hit by a cyberattack. The company said some of its servers were taken offline to contain the attack, leading to limited email service and other network restrictions. But very little information has been published about the extent of breach, a decision which one analyst says could prove to be a mistake as it may lead to more anxiety for customers and suppliers.

Morgan Advanced Materials was hit by a "data security incident" but hasn't published any additional information (Photo: IgorGolovniov/Shutterstock)
Morgan Advanced Materials was hit by a “data security incident” but hasn’t published any additional information (Photo: IgorGolovniov/Shutterstock)

The exact nature of the attack hasn’t been revealed but it is described as a “data security incident” which was spotted on Sunday. A third party company was brought in to carry out forensic analysis of the network to better understand the nature of the attack and help prevent further damage to the network.

Regulators and law enforcement have been informed of the incident and the company says it is working to remediate the attack, including taking a limited number of servers offline in an “abundance of caution”, restoring them once the investigation confirms it is safe to do so.

Customers and suppliers are being contacted by company representatives to manually process existing and up-coming orders. A statement from Morgan Advanced Materials to its clients said: “we appreciate your patience whilst we are working hard to resolve this issue and minimise disruption to our valued customers.”

Data regulator the Information Commissioner’s Office said it has not been informed of the incident. An ICO spokesperson said: “Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach, unless it does not pose a risk to people’s rights and freedoms.

“If an organisation decides that a breach doesn’t need to be reported they should keep their own record of it, and be able to explain why it wasn’t reported if necessary. All organisations using personal data should do so safely and securely. If anyone has concerns about how their data has been handled, they can report these concerns to us.”

Morgan Advanced Materials cyberattack: company has been bolstering its defences

Morgan is two years into a three-year security programme that includes introducing multi-factor authentication and staff training on monitoring for cyberattack risks. This includes strengthening an internal ‘thinkSECURE’ brand through a staff awareness programme.

The company manufactures specialist products using carbon, advanced ceramics and composites and operates across 30 countries. Listed on the London Stock Exchange, the FTSE 250 vysubess was founded in 1856 and has a long history with computing, becoming one of the first in the UK to computerise its financial records in 1954. It posted revenue of £950m for the 2021 financial year, and employs 7.800 people.

Content from our partners
Sherif Tawfik: The Middle East and Africa are ready to lead on the climate
What to look for in a modern ERP system
How tech leaders can keep energy costs down and meet efficiency goals

In its last annual report, the company says of its cybersecurity strategy: “Residual and emerging risks will be mitigated through continuation of the company’s IT strategy and information security programme, including ‘thinkSECURE’ and implementation of the related cybersecurity projects.”

Jake Moore, global security advisor at ESET told Tech Monitor a lack of information during a cyberattack can lead to bigger problems for companies than disclosing as much as is safe to do so. “Companies often try to hide on quiet side when releasing details of a cyberattack but scant information can sometimes lead to bigger problems later on internally and externally,” Moore says.

“What potentially could be a ransomware attack coupled with a data breach, it is clear that problems are affecting their systems and data. Customers and suppliers will no doubt be anxious about any sensitive data that could be at risk but as usual, any unsolicited emails that hit inboxes in the coming days need to be cautiously viewed.”

Read more: Biggest cyber threats your business faces in 2023

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU