Security Incident | 15 Jun 2026

Security Incident Attestation – Email Account Compromise (ISO 27001 Aligned)

Subject: Information Security Incident Attestation and Assurance

Following a request for further detail regarding a potential information security incident, we have conducted an investigation in accordance with our incident management and information security practices. This letter provides a formal attestation of the nature of the event, assessed impact, and remediation measures, aligned to ISO/IEC 27001 principles of risk management, control effectiveness, and continual monitoring.

1. Description of the Information Security Event

On 15.06.2026, an information security incident was identified involving the compromise of a single user email account within the Microsoft 365 environment.

The unauthorised access occurred between 11:33 and 12:03, during which a threat actor authenticated using valid user credentials (email address and password).

During the exposure window, the account was used to distribute emails containing an Excel attachment. This attachment contained a hyperlink identified as malicious in nature.

Technical assessment confirmed:

  • The Excel file contained no executable code, macros, or embedded scripts.
  • The malicious element required explicit manual user interaction (i.e. copying or clicking the URL within a browser).
  • Security scanning and endpoint protection mechanisms detected no embedded malware or automated payload execution within the file.

2. Assessment of Potential Impact

In alignment with ISO 27001 risk assessment principles, we evaluated the scope and potential impact of the incident:

  • The incident was confined to a single user account, with no evidence of compromise beyond this scope.
  • There is no indication of lateral movement, privilege escalation, or access to other systems.
  • No breach of core infrastructure, services, or administrative environments was identified.
  • The risk exposure to recipients was limited to potential interaction with a malicious URL, requiring deliberate action.
  • No evidence of data exfiltration, system compromise, or malware propagation has been identified.

Based on the available evidence, the incident is classified as low impact and contained, with no ongoing risk to system integrity.

3. Incident Response and Remediation Actions

The incident was managed in accordance with established incident response procedures, including rapid containment and corrective actions:

  • Immediate account containment, including disabling access upon detection.
  • Credential reset and invalidation, preventing further unauthorised authentication.
  • Termination of all active sessions and authentication tokens.
  • Detailed audit log review and forensic analysis of account activity.
  • Confirmation of only one subsequent unsuccessful access attempt, with no further malicious activity detected.

These actions ensured effective containment and eradication of the threat within a controlled timeframe.

4. Root Cause Evaluation

Preliminary root cause analysis indicates that the compromise was most likely due to external credential exposure, such as:

  • Credential harvesting (e.g. phishing), or
  • Password reuse identified through third-party data breaches.

There is no evidence of system vulnerability, control failure, or compromise within the Microsoft 365 platform.

5. Ongoing Monitoring and Preventative Controls

In line with ISO 27001 Annex A controls (including access control, logging, and monitoring), the following measures have been implemented or reinforced:

  • Enhanced monitoring and logging of authentication and account activity.
  • Organisation-wide enforced password resets, currently underway.
  • Continued operation of threat detection and alerting mechanisms.
  • Reinforcement of access control policies and credential hygiene practices.

Monitoring remains active to identify and respond to any anomalous behaviour.

6. Assurance Statement

Based on the investigation, controls in place, and remediation actions completed, we provide the following assurance:

  • The incident has been effectively contained, eradicated, and resolved.
  • There is no evidence of ongoing compromise or residual threat.
  • Security controls aligned to ISO 27001 principles remain effective and operational.
  • Monitoring and preventative measures are actively maintained to mitigate future risks.

We remain committed to maintaining robust information security practices and ensuring the confidentiality, integrity, and availability of systems and data.

Please do not hesitate to contact us should you require any further clarification or supporting information.


Please note:

We have had a report from an individual that their e-mail address was subsequently compromised following this incident. The malicious party had requested payment to an unknown bank account not linked with the individual.

If you opened the attachment, please monitor your email inbox and outbox for any suspicious activity, and notify recipients of phishing attempts.

For more information on how to spot email phishing, please click here.