HS2 investigating possible misconduct tied to ‘serious’ data breach
HS2 has launched a formal investigation into allegations of gross misconduct tied to a “serious” data breach earlier in the year, City A.M. understands.
Sources allege the incident took place in late May. HS2 Ltd, the company sponsored by the Department for Transport (DfT) to oversee the project, subsequently began an investigation, via its counter fraud and business ethics team, into a potential significant breach of GDPR and Cyber Security policy.
Preliminary findings have led to an internal formal disciplinary investigation into what could amount to “gross misconduct,” according to company correspondence seen by City A.M.
The allegations include entry to computers without authorisation, a serious breach of HS2’s Data Protection and Cyber Security Policy and a serious breach of confidentiality, the correspondence said.
At least one member of staff has been suspended on a precautionary basis while the investigation is ongoing.
HS2, which employs over 30,000 people across the country, refused to provide further information on the possible scale of the breach or what type of information was stolen when contacted by City A.M.
A spokesperson for HS2 Ltd said it had “robust processes for investigating allegations of misconduct”.
A number of the UK’s biggest transport companies have been subject to cyber attacks and data breaches in recent years.
A 2022 report from Stephenson Harwood into the rail sector found rail businesses were “particularly exposed,” with supply chains in the industry often creating the most “material vulnerabilities.”
The Rail, Maritime and Transport Union (RMT) warned in February of a “significant” data breach concerning South Western Railways’ Guards. “Worryingly, the company’s attitude to this breach has been one of indifference. Management have disregarded the impact this will potentially have on the affected members,” the union said at the time.
In 2018, Great Western Railway was forced to reset more than one million customer accounts after discovering hackers had successfully breached a small percentage of them.