With all the worrying talk about Digital ID’s, you can image my (faux) shock and horror when I heard that the European Commission’s website/platform www.europa.eu/ had been hacked, just days after the almighty cock-up and data breach by Companies House and a similar data breach by Lloyds Bank, Halifax and Bank of Scotland.
Now, what you may not be aware of, but I am, is that it is on that platform the UK Government stores information about those who may have had a Government backed business loan or business grant, as that is where such information needed to be stored before Brexit.
Therefore all businesses that had, for example, either a loan with a Government guarantee attached to it or a grant will have their information stored there.
Fortunately, the majority of those with a Bounce Back Loan are not affected, as rules stipulate such loans do not need putting on that platform, but those with the big boy BBL’s such as a CBILS and CLBILS Loan may be worried.
You may be asking yourself why on God’s Green Earth is such information stored there when we are not in the EU, well it is to do with Transparency and State Aid, I won’t bore you with the details, suffice to say the details of Business Grants and Government Backed Business Loans issued during the pandemic and before Brexit are stored there, to make such information “in the public domain”.
Anyway, to cut a long story short I contacted the British Business Bank, the Department for Business and Trade and the EU Commission at the crack of dawn this morning, just in case any information that shouldn’t be in the public domain has been breached.
Had a lovely chat with the people at the British Business Bank and the Department for Business and Trade who must love getting calls from me before breakfast:
After a couple of phone calls and emails this is what I asked:
“The European Commission has announced their Europa.eu platform has been hacked/compromised and data may have been stolen.
As you know, as per State Aid requirements, your Department had to register on that platform all Companies that had Government backed loans such as CBILs, and Grants during the pandemic.
Smaller loans such as Bounce Back Loans, (unless given to farmers, those in agriculture and fishing industries I think it was) were not required to be listed on that platform.
My urgent question is, has the personal or business data from any UK based Companies been compromised in that data breach and what should people do.
Ideally, during the course of the day a statement from you would be good.”
This is the British Business Bank’s reply
“Hi Mike
Thank you for bringing this to our attention.
The British Business Bank does not issue grants and no BBLS data was held on the EU transparency database. Company information for CBILS loans of Euros 100k+ are contained on the database.
This is a matter for the European Commission as they are the data controller.
Many thanks”
This is the Department for Business and Trade’s reply:
“We understand that steps to mitigate risks associated with the cyber-attack have been taken and we understand that investigations are ongoing as to what data may have been compromised”
As they were being quite talkative, and not wanting to miss an opportunity and open goal, I did of course ask them when the Big BBL Write Off strategy and Strike Off Unblocking Mechanism would be announced as it is very late.
I will let you know if they give me a date.
The European Commission has not responded.
This is the announcement from the EU Commission
On 24 March, the European Commission discovered a cyber-attack, which affected its cloud infrastructure hosting the Commission’s web presence on the Europa.eu platform. Immediate steps were taken to contain the attack.
The Commission’s swift response ensured the incident was contained and risk mitigation measures were implemented to protect services and data, without disrupting the availability of the Europa websites.
Early findings of our ongoing investigation suggest that data have been taken from those websites.
The Commission is duly notifying the Union entities who might have been affected by the incident. The Commission’s services are still investigating the full impact of the incident.
The Commission’s internal systems were not affected by the cyber-attack.
The Commission will continue to monitor the situation and take all necessary measures to ensure the security of its internal systems and data. It will analyse the incident and use the results to further enhance its cybersecurity capabilities.
As Europe confronts persistent cyber and hybrid attacks targeting essential services and democratic institutions, the Commission is actively working on enhancing the EU’s cybersecurity resilience.
