Partick Housing Association

Working together, making homes and building communities.

News

Festive Services Directory

Hopefully you are enjoying lots of Christmas cheer this festive season!

Of course, this time of year can be challenging for people in many different ways – whether it’s financial worries, social pressures, family troubles, or loneliness. It’s not surprising that many people feel unable to cope at Christmas.

Try to take some time out for self-care and to look out for those around you.

Click here to view a city-wide directory of organisations delivering various support services throughout the festive season.

Posted in PHA

Suspicious Emails – Investigation Update and Actions to take

Suspicious Emails – Investigation Update and Actions to take

Last week we made you aware of suspicious emails and spoofing instances related to some of Partick Housing Association (PHA) mailboxes between Monday 25 and Tuesday 26 October 2021.

Firstly we are sorry for any distress this has caused and want to assure you that we take our responsibility for data very seriously. 

PHA’s ICT infrastructure is managed through a contract with MRI Software LLC and in conjunction with MRI we have conducted a full investigation of issues and most importantly, we have considered the risks to the recipients of these emails.

Investigation findings

Our investigation found that a routine upgrade to our exchange server (where emails are sent from) had not been applied within the appropriate timescales.  This caused a weakness in our accounts and allowed hackers to copy some outgoing emails, cut and paste information and resend emails appearing to be from PHA mailboxes or staff. 

Some the emails had broken links or illegible texts making it easily recognisable that they were not from PHA.  Others had links which opened a zip file or excel sheet.

We have assurance that our systems (customer databases and internal systems) were not affected.  This instance only relates to outgoing emails.

Actions to take if you received an email from us.

Detailed below is various scenarios to consider if you received an email from us (during Monday 25 October and Tuesday 26 October) and the implications or actions you should take. Some of the recommendations have previously been advised to you in our communications.

Email received, where you DID NOT click on a link:-

  • Despite the lower risk and chance of no impact, It’s recommended that you, the end-user runs Anti-Virus software on the device that was used to access the link.
    • If you do not currently have any installed, “Malwarebytes”/”AVG” and “Kaspersky” all offer free versions.

Email received, where you DID click on a link or are unsure:-

  • It’s essential that you run Anti-Virus software on the device that was used to access the link.
    • If you do not currently have any installed, “Malwarebytes”/”AVG” and “Kaspersky” all offer free versions.
  • You should also change your password on your email account.
  • If you received the email at work and are part of an organisation that has an IT presence, please make your IT team aware of the situation so they can review further.

In any case we suggest considering the following advice:

  • If the email does not look genuine, or the usual formatting that is received previously is not present, it is always worth following up with the sender before viewing any attachments or content further.
  • If the email appears genuine, but it is from an unknown sender, it is advisable to follow this up with the sender in a separate communication or to query this with any available IT presence.

Our colleagues at MRI are happy to talk you through any of this if you need support.  Please contact 0845 643 0642 or email CMS.Support@castletonplc.com and let them know your name and that you are a customer from PHA.

Additional Actions

We have updated and checked all of our security measures as well as tested the spoof email links.

The exchange server that was identified as the source of the unauthorised access has been upgraded to the latest version which has fixed the vulnerability to prevent a recurrence.  Our hosted ICT infrastructure provider, MRI, have also now deployed an SPF record which prevents emails being sent that originated from any unauthorised devices.  Additional email filter settings have been updated to further increase security over outgoing emails and the application of updates to servers will be automatically scheduled.

We have reported the incident to our Data Protection advisers, the Information Commissioners Office (ICO) and the Scottish Housing Regulator by way of transparency and to reaffirm that we take these matters seriously.

We are very sorry this has happened and want to insure you that our investigation and checks are continuing to ensure this doesn’t happen again. 

If you have any questions please contact Jacqueline McCutcheon on 07789 510 284 or get in touch info@partickha.org.uk

Posted in PHA

Email Issue – Further Update

Following some concerns about emails received from us earlier this week we are conducting a full and thorough investigation.

The instances occurred sometime between Monday 25 October, 11am to Tuesday 26 October mid-afternoon.  We have had reports that some customers and stakeholders have received emails claiming to be from PHA, I have noted below an example of the type of emails people have received.

Greetings! You’ll find all essential information through a link in the e-mail:

1)rab.com.mx/quiperferendis/eosa-528389

2)nord-vpn.laoluayefele.com/illumtotam/molestiaenon-528389

Our IT provider, MRI is conducting through investigation into this issue and has applied additional security to our infrastructure.  At this stage we have had verbal assurance from our provider that no personal data has been compromised and we are awaiting their full extensive report including feedback on additional checks and testing. 

We have been in regular meetings with MRI throughout the week with the next update due on Monday 1 November 2021.

If you received an email from us which you were not expecting during the times notes above we recommend that you change your passwords and forward on any suspicious emails to info@partickha.org.uk

We have raised the matter with our Data Protection Officer and the Information Commissioner’s Office.

We will provide an update in due course.

Posted in PHA

Issue With Email Update

We are still experiencing issues with our emails.

If you have received an email from us which you were not expecting please get in touch to let us know, 0141 357 3773

We recommend that you do not click on any links and we suggest changing your passwords.

 

 

Our IT Team is investigating fully and we will be in touch with an update soon.

Posted in PHA

Website Update

We are currently in the process of reviewing and updating our existing website, this means some pages may take longer to load whilst we review the current information and lay-outs.

During this review we are welcoming suggestions for improvement, to report any current issues or if you are interested in testing our new site – you can do this by visiting here.

Thank you for your continued patience.

Posted in PHA

COP26

The United Nations Climate Change Conference, better known as COP26 will be in Glasgow from 31st October – 12th November 2021 at the Scottish Event Campus (SEC).

There will be disruption to travel networks in and around our area. Current planned road closures and alternative routes can be found here.  You can also see any closures to walking and cycling networks through this link.

Businesses and residents directly affected by planned disruption will receive specific, direct communications forewarning them of the likely impact during specified periods.

You can find the full details, including any changes to other services within the city, on the Get Ready Glasgow website here.

Posted in PHA