Connexus cyber security incident update FAQ

In December 2023, Connexus experienced a cyber security incident, which involved unauthorised access to its systems. The IT team at Connexus worked quickly to contain the situation, switching off systems to protect customer data. All relevant authorities, including the ICO and the Regulator of Social Housing were informed.

Since the incident, our teams have been working with cybersecurity specialists to investigate what happened and bring systems and services back online safely. Many Connexus services are now running as usual, however there may be slight differences to how these are delivered, which our teams will explain when customers get in touch. This might include rearranging an appointment if work was due while Connexus systems were offline or reconfirming some details.

The following FAQs should help answer any other questions. It’s been developed based on what customers have asked when speaking to Connexus teams over the past few weeks.

• Have my customer details or my identity been stolen because of the incident?

  We know that any cyber security incident can be unsettling to read about, however there is no indication at this stage that customer details have been stolen in the incident. Please be assured that we will update customers, clients and partner organisations as required and will write to anyone affected if it is necessary to do so.
   

• Does the Information Commissioner (ICO) know about the incident?

  Yes, Connexus informed the ICO about the incident.
   

• Services seem to have been down and affected for a long time, what’s taking so long?

  During our investigations, systems needed to remain offline to protect data. Teams across Connexus put in place temporary ways of working to keep services running for customers. As systems are brought back up, normal services will resume, but it may still take some time. There may also still be slight changes to how our services are delivered. Having some systems and services offline has allowed Connexus to trial some new ways of working, such as same day appointments for repairs – which may continue and be developed as part of the transformation of the repairs service, a key priority and part of the Connexus corporate plan. We hope customers benefit from this new approach.
   

• I’ve been receiving more scam calls since the incident, is there a link?

  We are not aware of any direct impact to our customers as a result of this incident. Unfortunately scam calls and internet-based fraud in the UK have been increasing year on year, with criminals using increasingly advanced techniques to try and defraud people, with elderly people most at risk.
  
  We encourage customers to remain vigilant, and to report any scams to Action Fraud on 0300 123 2040 or at www.actionfraud.police.uk/ or report nuisance callers to the ICO at ico.org.uk/for-the-public/nuisance-calls/.

Our teams have spent lots of time keeping services running and bringing systems back online for customers. This will continue to be the focus for Connexus over the next few weeks and months. Hopefully any questions have been answered above, and there is additional guidance on how to reduce the chances of being a victim of cybercrime and other fraud below. If you do have any questions, please email hello@connexus-group.co.uk

Strong passwords

Choose hard to guess passwords for your accounts which don’t contain family names or simple words. Always use a mix of upper case, lower case, numbers, and special characters.

Never use the same password for different services, as this means if one password is compromised it can be used to try and access other common websites or services you use too.
 

Set up multi-factor or dual factor authentication

If you aren’t already, using two factor authentication is an effective way to keep your accounts safe, adding an extra level of security requiring a code to login to an account. These are usually simple to set up and you can use a mobile number or authenticator app to receive the code. Multi-factor authentication means that even if your password is compromised, someone trying to access your account would not be able to get in without a code.
 

Watch your credit score and sign up for financial and property alerts

It is always good to protect yourself online.  There are many services that offer protection to see when soft and hard credit checks are being performed. You can also check for any anomalies in your credit history each month, for example if your credit score changes unexpectedly.

Some useful sites and tools to do this are listed below.

Credit checks

• Checks major credit reference agencies in the UK
  www.checkmyfile.com/
• Difference between soft and hard credit checks
  What Is A Credit Check? | Hard And Soft Checks – HSBC UK

Property alerts

• Government property alerts linked to the Land Registry.
  www.gov.uk/guidance/property-alert
   

Staying vigilant - other tips on avoiding scams and fraud   

As mentioned above, it’s important to remain vigilant. With more and more information in the public domain, there is a chance scammers and fraudsters may try to exploit personal and publicly available information about you.

Remember the following tips from the Metropolitan Polce to reduce your chances of being defrauded:

• Be suspicious of all ‘too good to be true’ offers and deals. There are never any guaranteed get-rich-quick schemes.
• Don’t agree to offers or deals immediately. Insist on time to get independent or legal advice before making a decision. Scammers thrive on using time as pressure.
• Don’t hand over money or sign anything until you’ve checked someone’s credentials and their company’s.
• Never send money to anyone you don’t know or trust, whether in the UK or abroad, or use methods of payment you’re not comfortable with.
• Never give banking or personal details to anyone you don’t know or trust.
• Always log on to a website directly rather than clicking on links in an email.
• Don’t just rely on glowing testimonials. Find solid, independent evidence of a company’s success.
• Always get independent or legal advice if an offer involves money, time or commitment.
• If you spot a scam or have been scammed, report it and get help.

Don’t be embarrassed about reporting a scam. Because the scammers are cunning and clever there’s no shame in being deceived. By reporting it, you'll make it more difficult for them to deceive others.
 

How to report

• Action Fraud - reporting a cybercrime
• Citizens Advice - reporting a scam
• ICO - nuisance callers 
   

Make it harder to find your details

You can register your mobile and landline with the Telephone Preference Service. This will stop legitimate companies using your details to sell you things. If someone stills tries, you know they’re not legitimate.

• Telephone Preference Service 
  (or call 0345 070 0707)