IT security incident

What happened?

On 9 June 2025 we identified some unusual activity on our network. In line with our security protocols, we inspected this immediately.

Unfortunately, we identified that we were experiencing an IT security incident, so we took immediate steps to contain it by taking some of our systems offline and engaged a team of external security experts to respond and investigate.

When did this happen?

We identified this incident on 9 June and took immediate action to contain it.

How did this happen?

We have appointed a team of experts to help us investigate the incident and bring our systems back online when it is safe to do so. The investigation is still in its very early stages, so it is too early to draw any conclusions on the cause of the incident. We have not experienced disruption to member facing operational work and that has and will continue as normal.

Is this a cyberattack / is this ransomware?

We have appointed a team of experts to help us investigate the incident and bring certain internal systems back online as soon as possible. The investigation is still in its very early stages, so it is too early to draw any conclusions on the specific details or nature of the incident.

Is the incident contained / are systems secure now?

We are working with external security experts to take several proactive steps to contain the incident and to maintain the security of our systems.

What measures do you have in place to prevent these incidents?

As you would expect, we have a range of measures in place to protect our IT systems and an ongoing security programme to continuously develop our security posture.

Unfortunately, these types of incidents are increasingly common and a prevalent risk that all organisations face. Once our investigation has concluded, we will ensure that any lessons learnt are implemented to reduce the risk of something like this happening again.

Why was Prospect targeted?

There is no indication that Prospect was specifically targeted over and above other organisations.

How much is Prospect spending on hiring these experts / responding to the incident?

We are being supported by external experts, provided through our cyber insurance policy. As this relates to confidential information, we cannot share any further details, but your National Executive Committee has been informed and will be kept updated.

Have you reported this to the authorities?

Yes, we’ve reported this to the Information Commissioner’s Office. We’re also working with the Police.

Why didn’t you tell us about this sooner?

We became aware of the incident on 9 June. We acted extremely quickly, and on the same day, commenced a detailed investigation with the help of external security experts. These investigations take time, and it was important for us to understand more of the facts of the situation to be able to provide you with accurate information.

Why did you put a notice on the website instead of contacting us directly?

It’s important to us that we are transparent with our members, which is why we took the decision to make you aware of the situation as early as possible. As we are currently not asking members to take any action or steps as a result of this IT matter, we have not emailed you directly.

Disruption

Will this incident impact ongoing cases / support I am receiving from Prospect?

Prospect employees are working as normal, and this incident should have no impact on their work supporting members.

How does this affect Members?

At this stage, we do not believe that members should be experiencing any operational impact because of this incident. However, in the interest of transparency, we wanted to make you aware of this incident and the action we are taking to manage it.

Why are you telling us if we don’t need to do anything? Do you know more than you’re currently telling us?

We have told our members about the situation in order to be transparent, even though we are not currently asking you to take any action.

We are being supported by external experts to conduct a comprehensive investigation into the incident and its impact. These types of investigations can take time, but should we identify the need to provide members with more information and guidance, we will do so as soon as we are able.

Data

Has member data been impacted / accessed?

Understanding any impact on data is the priority of our investigation.

Our investigation is ongoing, and at this stage we are not in a position to confirm details or draw any conclusions regarding potential impact to member data. Should we identify the need to notify anyone of an impact to their personal data, we will do so as soon as we are able to.

When will you know what data is involved?

Our investigation is underway, and we will be monitoring progress carefully while giving the external IT experts space to conduct their investigation – as it is a very thorough process involving multiple avenues of enquiry, it is not possible to provide a precise timeframe.

Do I need to do anything differently as a result of this incident?

Please be assured that you do not need to take any action at this moment in time or do anything differently because of this incident.

As always, please remain vigilant and do not click on any links in suspicious emails, download any attachments or reply to the email directly.

As good practice generally, we would encourage everyone to exercise caution and remain vigilant in relation to their personal data. Remember that we will never contact you and ask you to provide personal information like your bank details.

Who should I contact if I have any questions?

Our investigation is still in its early stages, and we do not have all the answers regarding what has happened yet. If you have any urgent concerns, you can email [email protected] who will do their best to help answer your questions.