Context
The ICO has warned that any organisations using the SolarWinds Orion platform should check their systems as SolarWinds has been the victim of a cyber-attack which inserted a vulnerability that could potentially allow the attacker to move into other areas of a firm’s IT network and systems and, potentially, breach personal data.
Key points to note
- Organisations should check whether they are using a version of the software that has been compromised; with these being 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1.
- SolarWinds has provided detailed instructions to allow its customers to determine what version of the Orion platform they are running and to enable them to upgrade and resolve the issue https://www.solarwinds.com/securityadvisory
- Firms should establish if the personal data they hold has been affected by the cyber-attack. If a reportable personal data breach is found they should report this to the ICO within 72 hours of discovering the breach https://ico.org.uk/for-organisations/report-a-breach/#GDPR
- The National Cyber Security Centre has also published advice https://www.ncsc.gov.uk/guidance/dealing-with-the-solarwinds-orion-compromise