Hackers gained access to contracts, financial documents and scans of personal IDs in a cyber-attack on Amey last month.
Amey confirmed it had been the victim of a ransomware attack, in which hackers made off with 143GB of sensitive data.
An Amey spokesperson said: “On 15 December, Amey became aware of a complex IT security incident during which a portion of our data was compromised. We have reported the incident to the Information Commissioner’s Office, the National Cyber Security Centre and the National Crime Agency.
“The incident was addressed promptly, and we have been working with world-leading cyber-security experts throughout this incident and continue to work with clients to keep any disruption to a minimum.
“This incident has not impacted our Amey Defence IT environment (and Amey Defence data is stored separately in the Defence IT Environment).”
Security news specialist Security Report stated that the group behind the breach, Mount Locker, began leaking data on its website on Boxing Day.
Ray Walsh, digital privacy expert at ProPrivacy, said: “This attack is the latest in a string of ransomware attacks on international infrastructure providers – including Bouygues, which was hit earlier in 2020. These attacks reveal that vital infrastructure providers have become a key target for cybercriminals seeking to use ransomware to defraud large sums of money.
“According to data forensic experts, the Bouygues attack was carried out by a cybercriminal group called Maze – whereas the recent Amey attack has been attributed to a hacking collective known as MountLocker. What is interesting is that Maze recently claimed to have stopped its operations. However, those hackers are considered a primary influence behind Mount Locker’s attack style, which could signal a link between the hacking groups that has yet to be uncovered.
“It will now be down to cyber-security and data forensic experts – including the UK’s National Cyber Security Centre – to look closely at the attack in an attempt to discover digital fingerprints that can shed light on the true nature of the perpetrators, as well as any links between the sophisticated attacks.”