IT services provider Sopra Steria suffers cyber attack

Ironically, the firm has a specialist unit dedicated to protecting clients' sensitive information

European IT services group Sopra Steria has announced that it fell victim to a cyber attack on the 20^th October.

The company did not provide detailed information about the incident, but said that it has taken appropriate security measures to contain the risks.

In a statement on its website, the company said that its cyber security teams were working to ensure that business operations return to normal as quickly as possible.

Cyber security experts are investigating the attack, and appropriate law enforcement authorities have also been informed about the incident.

"Sopra Steria is in close contact with its customers and partners, as well as the competent authorities," the company said.

A French firm headquartered in Paris, Sopra Steria is known for providing systems integration, software development and consulting services to customers across the world. Some of the company's big customers in the financial sector include HSBC, the Bank of China, RBS, BNP Paribas, Huyndai Capital and La Banque Postale. The firm also runs a joint venture with the UK Department of Health and the NHS, which recently awarded a £500 million framework to several smaller firms.

The Group has more than 46,000 employees in 25 countries, and generated revenue of €4.4 billion last year.

While Sopra Steria is tight-lipped about the nature of the cyber attack, some French media reports claim that the company has received extortion demands after falling victim to the Ryuk ransomware.

The reports also indicate the hackers compromised Sopra Steria's Active Directory infrastructure and encrypted its network.

In a blog post, cyber security expert Graham Cluley said that the security incident is unfortunate for a company like Sopra Steria, which claims to have a specialist branch to help customers 'protect sensitive information, and prevent costly data breaches.'

"Naturally Sopra Steria's corporate clients, some of whom rely upon the firm to operate their core business processes and IT systems, will be concerned and will have plenty of questions regarding the nature of the attack," Cluley said.

"All companies, big and small, need to be on their guard and put defences in place to reduce the chances of becoming the next victim," he added.