City of London Police arrested a 32-year-old woman at Heathrow airport yesterday on “suspicion of conspiracy to defraud”.

According to police, the arrested woman is a current employee of Sage.

Sage made the headlines earlier this week after the online accounting and payroll company announced it had suffered a data breach, putting the details of approximately 280 UK and Irish companies at risk.

Sage described this as a “small number” of their customers. And it is a small percentage, considering over half a million British businesses are thought to be using Sage’s payroll software.

But, of course, that’s little consolation if you’re one of the customers whose data was put at risk by the breach. And the number alone doesn’t tell us anything about the size of the companies affected, or how many employees of those companies could also potentially have had their identities and financial details put in danger.

Police say that the woman arrested at Heathrow airport has been released on bail.

Sage said that an internal login had been used to access the sensitive information.

It’s worth underlining that the woman arrested has not been charged with any offence, let alone convicted… but this might be a timely reminder for all businesses to not focus solely on external attackers over the internet but recognise that there can also be considerable dangers posed by insiders if your workforce turns rogue.

Graham Cluley