Sage employee arrested at Heathrow over data leak

Arrest follows warning last weekend over breach of personal data of employees at 280 clients in the UK

An employee of accounting software company Sage has been arrested at Heathrow airport in connection with the leak of personal details of staff working at 280 UK businesses.

The arrest was confirmed by City of London Police this morning, which said that the suspect, a 32-year-old woman, has been bailed.

The news comes less than a week after the company, the UK's largest independent software vendor with some six million customers worldwide, issued a warning.

The brief warning, released over the weekend, stated: "We believe there has been some unauthorised access using an internal login to the data of a small number of our UK customers so we are working closely with the authorities to investigate the situation."

The statement did not reveal much more than that, however, although security specialists were quick to criticise the company over its security measures.

Thomas Fischer, threat researcher and global security advocate at Digital Guardian, laid the blame squarely at Sage's door, and suggested that the company's security was inadequate.

"It appears the Sage breach came from an insider. Insider threats are almost always preventable if the right people management processes and tools are in place," said Fischer.

He continued: "This is the case even if the employee is a so-called reluctant insider, meaning that, for example, an external party has compromised their account. Sage also claims that it is currently unsure how the data was compromised. Again, with the proper investments in IT security, this should be easily controllable and identifiable within a very short period of time."

The admission at Sage came just one week after Oracle admitted that Russian hackers had cracked its own security and had gone as far as placing malicious code on what it described as "legacy" retail systems software at its MICROS point-of-sale systems subsidiary.